diff --git a/parts/linux/cloud-init/artifacts/cse_install.sh b/parts/linux/cloud-init/artifacts/cse_install.sh
index e43711058bc..9b7b30f1ab4 100755
--- a/parts/linux/cloud-init/artifacts/cse_install.sh
+++ b/parts/linux/cloud-init/artifacts/cse_install.sh
@@ -22,7 +22,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/parts/linux/cloud-init/nodecustomdata.yml b/parts/linux/cloud-init/nodecustomdata.yml
index 77d9a0cfbe9..861987954c5 100644
--- a/parts/linux/cloud-init/nodecustomdata.yml
+++ b/parts/linux/cloud-init/nodecustomdata.yml
@@ -85,13 +85,6 @@ write_files:
 content: !!binary |
 {{GetVariableProperty "cloudInitData" "provisionConfigs"}}
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- {{GetVariableProperty "cloudInitData" "componentManifestFile"}}
-
 - path: {{GetInitAKSCustomCloudFilepath}}
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData b/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
index 9e35c7d54f6..3f742f70bda 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
- 
+ 
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
 
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Containerd/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Containerd/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Containerd/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Containerd/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
index 7d6da19bc41..d1f867e4ee4 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/+x9/3fbNrLvz1d/xZRhYykNKdvp7u1zq9yqspLqxZZ0JDndfYmrQ5GQxJoiVQCU7Sj8398BwC8gCUqynW67e+7uOUkjAIPBYPCZwWAAPvuqOXP95swiy1qt05mOu6P3vU532utPJ5fDVjNY06b1KcSoaQc+tVwfYdK0bWONg7t7kyC8cW1kuj5vO+i8604ObRrYN4jylv3etDPov+m9nZ73Ri2tiajdtH236SNqOhov/6nXjwsZVVY4c32t9mwyOB/AOvQ8oEuXQBBSCOZgB6t14CPqE/M3EvhAg+B/OJnzwS/9i0H7fFwg5gS3vhdYDtFqnVGvM7lIa8oVsWtTT1E3Yy4kuOkFtuUJ9jqD/qTd63dH5+qeE7E4MtHRVb+jrI5D35YrvvturKx3E84Q9hFFpFh7OOq9b0+602G78679tjuedtqdn7t7mjbX2N1YFBlry76xFiimNeq+7Y0no39OR93hoKUFhLAxW9hFRCKj1a5+uupPrqaj7kW3Pe629LpHZlOMPGQRBAYGgzRqg3FLr7tz8AjwyX9hJBVOXkPTQZumz6b49PXzk++BLpEPJMCUtS5U/wwL6/YGjlYWtZd1/fglNH+t986nF7133VbdDjAKSONz77xVN180GnrzJVgN2MIauz4FGoTrNcJ168PpNVgfXl03vgd051KIjr6Huduojbudq1F3OrkYT38aDCbjyag9nL67+ql70Z1Mu//odqbDi6u3TBnKyiMWAvXILAgoodhaa4fTe98djXuDfkvbHJsn5rFheeulZZ5qtUn3ojscjCbnO3qmyEPrAFMnr7nd825/0mtfTIejwfveeXekVnnkIJ+6lrfGwcZ1EN5HJFsLGws3PXfGlcFDMi0jIaYYQOVaumz3e2+648n0Te+iO2xPfs4JdmX57hwRytc7W3iXw0G/25+M1dVjgPApiRtctvvT85+m7avJYHo1PGeL5M1F+63cOhnPyvINZ9a0QhoY4dqxKNJqnavRxXRwNRleTVpNulo37RB70w3Cs4AgMwhpsgwG42m/fdltaeLfrOMRA4isIP5Bq3WGV9P2qPNzS9NqDrI9CyMwLPilPb4c/9y7HPbOx616Qy4aD3t9pj5JUY0g2hletbG9rDdgWwMASKnq9UVa2qhFtRpGq2CDLi3/fNYOaXDFh/bGsxZvXA+l7fEKjDno++TFCNoYWXQvQRqE9vJAgh6y/HDdSWHz3GOkSI45PAe9CncZEdcn1PK8jMgvLl12Un34vyTwU3oBaenb/MxFvMCdw4cPYHwCTc/jmwbX1wKieL2UyGAcST8wzSBu4Lc0O8QY+VTjhcgjSFkrZSLuJRL15y7/i/+R2ZKhgOmWXv/td9DMYYLaoOmKZaHBZ+D1PlzDZyDIQzatm761QtBqwUcto/tRa2gN+PxZYKLeHY2mkpxjiJr2+u/bF71zzlNsZpIyrpOx9FxyaWFGdoDbbEVeuH54BxoXlAbPnzPxavq2N56+a0/akcaY0SgOUZWAk3XEqufnKpaSWKqxNN4LyRLWR0lyERPVNiDJ38k8xFLnfzzL9OeIwCYhZ2Fs3YNLAN2tkU2RAzSApbVBEPjePQQ+AuShFfKpKcj05uBSWFoEVgFGQJeWL9d6CbcIbl3Pg1ht2cjBswhNaoDr8994z6aknPr2WVH+H368jsBYUDgpCxHZywC0X9qjfq//9kxSJ4jNfnGQlTyb0BO8uv5iD7s5Nd7DNvodjpn26dtS+fF1xPXjh/G73vC1VjW4Xv/N4JCRselz6RJhQKs1vYcAc5bnLpbHQUB0Z8L4xl2v2WAl0vF0WdQN/HiYHKAQDbEPx/K4e2/GLf3oo3/EnRrkFFS0Vdfrwtt5Dz/88IOmGP+L60hriKUV+gRRRpL/i49nStxPqKVvnynJM+Hy
ukz29XrWwjhpNMDwKBzD9TVbkWwap67voLsWnwjp36WGnOI611NL36oZ0LcZpShmJpPkpfVbgC9dP8BD5tO9TyGxLiZVz/fC4MwOKRiOAcb8pKEVyP0c0Dfu3YOoEDDmpzEhpqMC9vdxqME1E9KHg6oy5WUerrJRjuVcXaWWu/7G8lxHVsZYv8+gOMys6aGQHuusFyzIlAZTtGE2E7T2u7HZGXfNonEdhT51Vyj5fUwt37G8wEcZfGqM5cpSkPFZLb4oVycnrRixE8FABXtgQHnY0AJ9m5dXpNUqPYjL2AHN+Q/cfZVmIrEkki7NQdNLrm15bndSyqu45DYwD8DAYGaFJnIWSNllI9MGzpnC6eC6d/KdefxtmcF9PBzJTKxd30eOqZ18d/ytdrSPnVjnct5RtbmKewY/oDAPQp9hMSTbg5fgoLkVepTbJmaasWMHDuNFVm9pIGumafJwYsAoj3Uf9Ewx2rgPpLILd/KsKaGjWGUnzqT8PQJjJIhRDGk3zPT640n74mI66V12B1eTPx9m8lLLw0sqpCdDS2V/mgpjYnIpshzQL9sJjvrdSXec67f8c6RJ/pemb/vd7vlYmqFIg6+qve+Ygctgdg9Fd07Am3LXwV2K336Ho3SDotyASPsPrXEEP4CKGkhBIqW+xl0UtjNMHQklDB9UVCW37YA9Y+2//ks4d7IMdvbuBIhwlOJs7OFir82RlKaP6G2Ab4ZeuHAzWyRN7+SXwehdHHBhqA4aj4pUTy7fonX6vdz8xhz1e/AMoznCyLcRrHmnxITLgFDvHuYBhptwhnxEYRZS8IJgPbPsm7gic6NDghyY3csYznRYtnZwmt/eFyO58BzY+JPQVCeNNA3jQFMW/tgV97oaXbC99r46Z63cijF8OKBRpJCujVEKktN5gKcBtkgrNQ77SDJTscBoDUYwhKPNR+eb+kfzo/NN48URX0kOHJHmr5tmk/1ziSyHsXrSSCZR9lAYI0lQbhpir6Wf5keol6qUh7NXtmUiOV5WN46LwViDvi86KepnMdPhaMDWS4ZZWXR63B29747YtD6gunKGH9BeNdmZpIVqZnJI1JYJJFODB/bY1LelqHwkop2GZWNDEX092+hbpQpGhuf64Z2hb5NoYaTtnOXJ2//Hj3wOWAfPnr1oRho8gyuCYGaRJcxCl/lj8EzeJeN7e+VMF4hOqYVnludN5zhYTTFauITi++mtS5ecVzg5PYa/7Vst571RU9/BOY/0HDw3kZYPgw1G7fF0eHVxMWVT8Kbduyhu+HN6/gdL8BD02CcPME0T9gNQrWq2vtSs7GWhEI/cVVv2L4WMMjsBiaGAZMKRAyS0bUTIPPS8+5xTVm1e9jmspZZmtc3SoLpMRM4tDMbdp/lBYt7ukHOkgdE5AHVzIF2hqfH5TQwY9jK49cEYAQ4Cesb+OKzdarPXprLKu/FN29dXs6phzPsqcOC///a3p5FJnJb9o5FdmDGyQ4wmF+OfkuPCd+IYrXuH7IJnJyyLcKi48daWlK7JWbN58x2JT0aJOfOCmWkHGJm3ru8Et8T0EW1aN8SgHjHSU0nD9lzk06a+fejpZNTkVqNprZy/f9tUEZVtql53SXt0+fdvG8zNVwSk/zrjwaud4ym7L486J65Jg06tztqiS2YTHkUxqmA62559JTZoql7LW/8U5935dG65XogRvGIo//djsJlDaMzHF2AElQTT30PsFSxoyvbBA5XRvBJpHiU2TaLJEMAYxSDwBGpzly3uW4us+IFll+34qqOErN507nqIT7++PYmkemTprtJ4lL49lcsSR46E87l719K3r4otuXVK5qVV1/Ttj2ffRloD5O0Az+O4VwS9tnLnzAsCisEEI45Ssc0eq8H2snHlXH8ffryOtO/BCfKRxlgLt1USiKREGYMRNQTtyNC3eVbZL3kZROpIZeyWnUAxyOgEPpI8BObKMF6A8ULinTob5kO4fXEQnzX5fAjUcWaLrMZMqPWGrDnp
MmP/pEItYpVJjory27DtaQSy5RDxiYQ5EqvFK64W6YknG3USWxXzW2xXnt5qvSNr19dAI567WFKtkVOID6DpuZDlsfmdeazYUrH/lYh/06prt7dEohlPbSEayyeNb3XraGN5cZDmPKbCXMvspC23kc8Ip/5ZeYZAL81KLjSa9A7aJhtr5ZqBvG7eWgw3t3ImSHqM9x8xTeKsXiHWIcIrl4jDWoWEDxJmJks5ZKRaZI/CZ6WK5WG6AOH/MpCG1PTnLVH+GCA3OiZHmZ4GmrE50XbBuyL+KiEio85hkYDlYWQ593IYtoqNlyIJwg8ozFC67lx/UTpbz7lk/7II0VdgfIKHBWyqIkRpiIN7vg8MAuWyMB3kEs+akaZS/GcFRdkV8xGc8RmJZ33xaUpX61blhKn7LPdhUgubi0+1p8V+tmXWIg30rSzLqCpmI53PMERNOeHb6093zDUpkxc75qrRpzT4PvYQGaWOQn5OxFJ7EIGip7E5kZbISrhaivHsWkYP9+sO2itsxGbh4NFVe31qMYXYq6TBWpy+fn7C0BEh0KUETnidZRwnAfYuaL/WGeNn5ovG5/oH1L3G2HzR0HmuWt22aJ7E8+eSqr0bXY0nbI9QDEU14HkqMdmYf9Oq6181cnbqEIv4B2woqqzRqy+xZXikbslxmS+jOzlJJ6fEa9d/F87Q013tQz3tR7tvkhCYv3YTztAXcmwTIezzZuVuc06Y0m+V05Sf5LfKmlBisKQCjEljc6r2/9TTrRriAX5ffha+qO+Xnarv4q1y7BX5HBXV93hopW7/10t7hJeWSFE5Z1/EScuHVkqzFu1eKSWnLAbQx/lkWsEp0x7qlR3uwkApR/6RXskDlpdWhYrVTf4yXogMy7EHkpnDAbYy/4LPkuK2EJt/+X5QWrf7j8mo3Zl0RWUGnKAglDOYvCi598RxshBkLzFRk+J2UgY64zy1LLpM1jRNicfJ5bClb0sc8dPW6sPWnYefJRabcQfizE3Rm2qTkpZ3R6PBqBy939OLGvHZ5h92Ny0kKJmqND4VgzK0H96ZMDFxJyR0Ann/tWeIbCtW1rNmdvymIiHn71XrSJLmVDgONvl5sNq9Krjhwgc4OTOiYkYJPwYpR8sYVdAwIqFHW/qWo6RUyhjWRWkN1FY1G5gm+zhJFlfKYLaYtieGflZKqxIcv+93J1NWJk43xsk6PTN0VVHpgpSqUuUdDVVlcIUaEkRN6N65lHkUZqVPwVMs+r00pULfqog+ZV2XBNXUt1KPfGkrRVPIVpDIpOdZuTQ216ZeOlvP3DnoJ/x2ympN718CtW4QP1cuXViOwCJJpjNsLC9EJgzoEuFbl6C43QmrQ5dIlNdkt//cxUJl1cSjgvJIzcQdFNnrFZemJ4tPk9VaaDOXfF7I/LYks65wEptjTaba1LcyGS7fckSnyKok0TT9IifQiquQnGtxLS+9ulIX/YNhJChxmrPPcbJdXCup02wujhr55Ms84TiztnI1pJBUbMcvuYvOEh89BSoTSHIhKTdu1oZaeIFoBnWKbOCvzReReay4kBjLlyt593LY0gQDxibVkuTgvDLMpxUOEGILplCyZko06S+qOFmQ8ivKqpqrKWS6xsiwLXuJnESC6U2BswrJacqzQ9XBhejiymd7V34jTPTg+jTIOMynuiShxk93m4fIgtm8IsHCYXh2Eq7nK8Z6qthH76gojrCTVTlJLpUXclHyzpyQUXbHO/XnTh+SCaLYMqbmRd/m3aeKhZSwzbAJ1ha2VogizIMOFSNiGymuGQt3g5RXGLJhyQ5Q+UYj57Ikg0pW0+v6uZssT+AiA+qdrwXsR+TtzvZR9tAAg4TygPnmLzdbTWW9jI60OdxWjzWSEL5KLR+vaZ2r0ajbn2SqW88maI81KM/kJrMIwjmctEdvuxnx+Ag1YZmg1QbhTrBaW5hb+jwvZ4Z2bB6bx1rEFCxHKVKHeYQR8SRjAWUmS/1EzOdY8Mv8WNz2rQcY0O+h
5QENGolRmVkESUQKDJWtUmGuTIXJqVqbu1SRw0Cp+/yJzJfQ5KqXKw7S3+TOE1dfVTjzC5OPoSC1lbvHzxYUQTRcd/q9cxcTxYZBepOnKtFTUUdKp8qVKohnDwLtpF+qllmyfGlUy9xAaQskb6Qr7il9/gxfHXRTyXeN+PrLE64qpVca/QAkipC9WAJrjAjyKczjCAe/TxNfZgR+mzFdOMznOzG/NU9MmCxdAmQZhJ4DCGO2gjfIp6Hlefca7Dx/zWJ65S1iE6O57buJgwdprqZlE2Plso5MnqWLnAXiKZrSqJobzlwWDJXKYieSZ5Maop5JWQ+x0ufPaUUa9AH88UTngmJWJeo/s7xb657AbyGhEBIEt0uL3/z3XEIRv1haeEgGSAC3CJzAP6Li3QcaALn3bfEyg+27X/h1jkxequc5+j3lJe74BYt+j4d4GKsYMTUAm9kZaxaEVDynNQsp3Fp+/I4FRkwG6nc0bpeuvQSMfg9djAi48fsWqgdU4A98QSXGuQPeTvlT3iCpehCl+m2SVGEOepQkXt720vIXXPXig7d/txdBHvMkQem1CdUzIbUDvMEMCzma9EbiYo4CmvCKQZPilYDEkTmclEC5ClLyGUa8bpwdYai4H9WG+RnbS9gesjDTjhVDNOSLtX4rLMMGYVha6zXyTbAICVcIXEoAI8+KYYBPoOtzoNgguLAoIhTe/3yeWBeBe0sEoU8t/BICz0G4VEgXn0yQ3TIleudH1HyRA2+oeheAQVtiu+J+kzDJjLH1yV2vk0unhYfAFOpXgaKJldjn+mS7k1IA9slhSlmtcjHIr5mtjNKYRe0L6M6jpqg8Q/nIz95IqjLms+eaVSJnsxj5zq5U5W40y7NZvFi1l0GVQ/EA1UB3FFs2fRfO0E+xF1Q4QLj5TrZmcbZKXBTOUHIeKw6iT+Vil0zjtxvj0ldagW56WDd1XNzS9G+1WqFGfLjKYwHM72jp20KvIp4rA2u+X4auzGqWp1Kiz+z07hcqmaKpGIq0mlq35NpVihTvi0U4MDFr+ZZZeHB/GLD2ELqcZpwyEWsBs5w0n66H55B/CTF5T9F4oSqwqWe8KC+6gqRLU79DuOnyzw6Lys3lGXDJKD7hv8Ien4e8vpRyhKUwHaLIpkW1fgllGi/BImkSBvBKXJDMQ+VpCDQQz8JamLpzJlrROD+H+8WSvWRq+IGDDohsPz6JNa+v5TEffOn4UUshNXpaBfn8EOWgt6xp+/eQDxum/Mht6dLXlxioqoPKocb/mSx1bigMii2fzAO8amnks/ni83ND8JF46J81MAyyDG6zmsgx2PIizMxsFIx/THs0DEKxuzYyR6X1itmc/NoH6eFepqcyUFSW2dQry1oKHdUK4q2Am/xg4Vo8LVTdhmFXqU1x77GTp/wpgMLczC3mfJfDuyuVlkinG7H/EF+1fScG2PYd9l9DHNzdZ57b1XgyuOS3/5g1b4/+WX5GpFxFfjwksXS7SKjqyDQEaoaE7atiETAsPAN101yM9CXYIaHBKmmwZ0RR7h2aaXy4PHXnU55+7C9azMbXytl2++iqp+lRZq92oH9YPb+mwh3TQPGj+iGlQ4bLdbP4wI5KnllF5OUkundqVUmLf5pA9nPLFae8rgWkV4KO6h2rAvholehT0bj4+lF8al89SVq1c/uF007zjtK5cJTSxwFgjQN+Wpe6Oy6BDnM/H+UXCSP+hAxX5WM0BV/qbKOch10prsn/8i/fT7qXQ77/fDMaXKadtjT+ELfyMXwoUfzzFogs59hwCentG2BUy42CfwrhDMQr3jzCYge+4/JcfXuJ7BsIfCgYEgh8G8FomEQMXR7oQRZBTt47ZwBUr8eXOtQDSZ4t1EyNP1wIr1tw8t+NBg+kxk8oFbqvuJz9JwNWkckCYld6hMnp4sNAp6K6tovcDgCsqK7VpOMx65u7CuNaYVprT7HK0FwGK9Rc3q8RZj8a6TKE58znYmiU3mvqraxF9shh56I3
nQwGaSJJBji9y/bbrsgxOZU8IUYriTG7K7HnVjSKQLhM+jbpIXdNQPpZHOxRrD3ApLJ+GSM2xaa6ew00VSr6KZzwXZJN2a6C7w/Wlo3YLtV0g3hAHLx1BVV+MBbfuqLuCjn8YyiJRHZKY+NawAeZSxiXwu6dCav/VuwHk7TxnGtSkplInHqM2HjLR0pOpFv9YTKKB1UpJpE8VSUpCUT2SuFx43cC+wbhP2z8gnxh/OeDzrtulXqIbRVG1Fo8fY2PupP2W/nnV9LS530s2DDmOFhVjYKn4RXofBE02LlmqbVQTgfoBVYet6SSJMNH9ZXLtuHa8xg60jxfdkZ8hsmbAHeWrm+VXyCVHMerPtOX+GxVeuu1PErL81LSrbpe3yVxcUKf3Js5+nVlY3Pl2jggwZyadrDiT2LyLwVtxbd/9JPoqKFYqMVeZRmRwzogFEMLCO9nXte+JmdfE+0l6CcvQT9tRBBzQChOWcjlD2r6VuYillVlzjDDBHFQN3d9B1Z2yu08wMCnaFfmPKu0ssUi5Rf+cp1/+PH6G630U6RFxdvfmR60Uq8xIRvFKXIG4g+UlmXHfrE+sQm1/TRh7ukalLKWh6J4Scv86dvcEKKdoc4yvQQnDyIpPzyUfoXn6WCZiSoFNS6hhLeSdHKrH6+Ui7+8PmLswSu3uoEAB/7xnqu1UJrCEZfIIIzVRQwN3a0DTOUSQSv0bbGlEd8CEuRGYZbqKT9gr3jJWsrhqNywl6VWib1pQ84Hv7vL/GGUXRlIoSIPN9qZpp9GR+ndvk032SAVfHr9s/Jn88Ox8X+uv6koNdQ/T9Mng/WtJNlI3Mo/Yv//6EvrTanyVcM9BI+LkPvXH/6ucw6FFPL2wTDmAV5ZFI62W3OE1gFxaYDvo+hsuzUn1iL6q0tAGr1Yqczvm9qBg1r6/xRgWU/L4KsW/2qM6pyP+41pzVouwiCWXlGq1ZdkpNduVa0+w+3S9RBgZDliRnJW6slgkdmAMmTnvLeYu6gczFOtrUqSkl2poCdNV+7hBaksktHVmJdwtPKiNL8HwDYZPA3FsMstM5BPozEFtBeOQN2xKGq81OvLgFAGGI2XQKiFaUfZWkQuZOsBGg8k8O+IansII9+pIJt9UG7E9w7IKXCbamScS965GFwlH0MQ+SPMve14QehUBI//vWyQcGNTx+voT7cKD2HoX4XTh/Ik8fMfhmyJu/zXwTRFBiApfZMtwSu+wyku37KfmudTgjCBnGXbKpcmK7eAtQpYLdUoy0gF2AkSqstUAJpD7VIVEYotDt3JfVhztOfDmsEGYew6KP78SCfw5+4i27qIqxjS91T5V56Z9MWfpj1fmE7zu+Mpvy4w9RFzERgNVqLJ3wrdFojFN40tCj/80B28gdevFVUci1okCLGNznh1rgJn2UZ/vfbuWaeM97jjszj03x28YQN8xv7+/wEAAP//tS0/rzB7AAA= +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh +++ /dev/null 
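Review bot: The script on the new side (installed as /opt/azure/containers/mig-partition.sh) sets no `set -e` and never checks the `nvidia-smi mig -cgi …` call in any case arm, so a failed GPU-instance creation still falls through to the final `nvidia-smi mig -cci`, and the unit's `Restart=on-failure` only ever sees the exit status of that last command. Adding `set -e` directly after `#!/bin/bash` (or `|| exit 1` on each `-cgi` line) makes a partial partition fail visibly instead of leaving the node half-configured. This is a file under pkg/agent/testdata, so the fix presumably belongs in the template it is generated from.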
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh 
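Review bot: `golden_timestamp` is read from a node annotation and spliced unescaped into the replacement side of both `sed -i` commands and into the snapshot.ubuntu.com mirror URL written to /etc/apt/sources.list; a value containing `/`, `&` or `\` breaks the sed expression or corrupts the apt source instead of being rejected. The second sed already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`), so checking the annotation against it right after the empty check bounds the input before it touches the file: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "golden timestamp has unexpected format: ${golden_timestamp}"; exit 1; }`. The unquoted `${source_list_path}`, `${cloud_cfg_path}` and `${node_name}` arguments should be quoted like `"$file"` is in the helpers. This is a file under pkg/agent/testdata (the script the line127.sh unit runs as /opt/azure/containers/ubuntu-snapshot-update.sh), so the change presumably belongs in the template.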
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh 
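Review bot: The final `chmod a+w "${KUBELET_DIR}"` in the new bind-mount script leaves /var/lib/kubelet world-writable with no sticky bit, and that directory holds `/var/lib/kubelet/kubeconfig` (read by the snapshot-update script in this diff) and `/var/lib/kubelet/credential-provider` (line40.sh); write permission on a directory lets any local account remove or rename entries in it regardless of who owns the files. If a specific non-root consumer needs to write there, grant it through a group or a dedicated subdirectory and name that consumer in a comment above the line, otherwise drop the line. The empty `#` comment line after `set -x` looks like a template placeholder that lost its text. This is a file under pkg/agent/testdata (the script the line149.sh unit runs as /opt/azure/containers/bind-mount.sh), so the change presumably belongs in the template.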
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
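Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not test for the block as a whole: `grep -F` treats each line of a multi-line pattern as a separate fixed string, so the guard is satisfied as soon as any one of the block's three lines already appears in 50-cloud-init.cfg, while the `echo` otherwise appends all three. Keying the check on the distinctive first line is the smallest fix: `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` before `ifdown`/`ifup` is redundant if the line156.sh unit (no `User=`) runs this script as root, and `${DHCLIENT6_CONF_FILE}`/`${CLOUD_INIT_CFG}` should be quoted like the other expansions. This is a file under pkg/agent/testdata (the script installed as /opt/azure/containers/enable-dhcpv6.sh), so the fix presumably belongs in the template.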
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh +++ /dev/null 
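Review bot: `jq -r` prints the literal string `null` when a key is missing, so the `-z` test on `podSubnetAddr` (and the `-f /sys/class/net/${bridgeName}/address` test when `.bridge` is absent) does not catch a malformed conflist and the value then reaches `ebtables … --ip-src`; compare against `null` too, e.g. `if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == "null" ]]; then`. `bridgeName`, `bridgeIP`, `bridgeMAC` and `podSubnetAddr` are also expanded unquoted in the path, the `ip addr show` call and the `ebtables -A` lines; quoting them and rejecting a bridge name that is not a plain interface name before it is spliced into /sys/class/net/ (`[[ "${bridgeName}" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1`) keeps a bad config from doing anything beyond exiting. The same conflist is parsed three times with `cat … | jq`; one `jq` call that selects the bridge plugin once would do. This is a file under pkg/agent/testdata (the script the line208.sh unit runs as /opt/azure/containers/ensure-no-dup.sh), so the fix presumably belongs in the template.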
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh
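Review bot: `clusterIP=$(get-apiserver-ip-from-tags)` in the reconcile loop takes a value straight from an IMDS VM tag and writes it into /etc/hosts for the API server name without checking that it is an IP literal, and `cut -d":" -f2` in the helper silently truncates anything with a second colon, so an IPv6 value or a malformed tag yields a bogus hosts entry that redirects every API call from this node. Since the tag is set on the VM/VMSS resource (inferred from the IMDS `compute/tags` endpoint the function reads) rather than by the node itself, validate before touching /etc/hosts: `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "ignoring invalid aksAPIServerIPAddress tag: $clusterIP"; sleep "${SLEEP_SECONDS}"; continue; }` placed right after the empty check. While there, `[ -z $clusterIP ]` should quote its argument, and `grep -q "$clusterIP $clusterFQDN"` treats the dots as wildcards, so `grep -qF` is the intended match.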
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh 
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData
index 7d6da19bc41..d1f867e4ee4 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
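Review bot: The bind-mount guard `ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then ... fi"` spawns a shell plus a three-stage pipeline to answer a yes/no question, and the substring match would also be satisfied by any mount whose path merely contains /var/lib/kubelet (pod volume mounts beneath it, if any survive from an earlier run), in which case the top-level bind is skipped. `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` states the intent exactly and checks the directory itself. The `$KUBELET_*` expansions depend on `EnvironmentFile=/etc/default/kubelet`, which is outside this diff.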
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line105.sh 
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line112.sh
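Review bot: `ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}` relies on systemd expanding `${GPU_INSTANCE_PROFILE}` from the unit's environment, but the unit declares no `Environment=` or `EnvironmentFile=`, so unless the manager environment is populated somewhere outside this diff the script receives an empty argument, takes its `*)` branch and exits 1, after which `Restart=on-failure` re-runs `nvidia-smi -mig 1` indefinitely. Rendering the value explicitly, e.g. `Environment=GPU_INSTANCE_PROFILE=...` or an `EnvironmentFile=` next to the kubelet one, plus `ConditionPathExists=/usr/bin/nvidia-smi` in `[Unit]`, makes the failure mode visible instead of a restart loop. A one-line comment above `ExecStartPre=` stating that the pre-step switches the GPU into MIG mode would also help the next reader.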
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
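Review bot: None of the `nvidia-smi mig -cgi` calls in the `case` arms is error-checked and the script sets no `set -e`, so when GPU-instance creation fails execution falls through to the final `nvidia-smi mig -cci`, whose exit status becomes the script's, and a failed partition can therefore report success to the unit. Either add `set -o errexit -o pipefail` after the shebang or append `|| exit 1` to each `-cgi` line so the unit's `Restart=on-failure` actually sees the failure. A short header comment mapping the profile names to the GPU-instance profile IDs used here (19, 14, 9, 5, 0) would also help, since the numbers are meaningful only to nvidia-smi.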
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line127.sh
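Review bot: `golden_timestamp` is read from a node annotation through the kubelet's kubeconfig and spliced unvalidated into the two `sed -i` replacements over /etc/apt/sources.list, so whoever can annotate this node object controls the path appended to `https://snapshot.ubuntu.com/ubuntu/` and triggers an `unattended-upgrade` run against it; a value containing `/`, `&` or `\` also breaks or silently alters the sed expression. The second sed already assumes the `YYYYMMDDTHHMMSSZ` shape, so enforce it before use: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }` directly after the empty check. `apt_get_update` is provided by the sourced provision_source_distro.sh, which is outside this diff, so its failure semantics cannot be confirmed here.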
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line149.sh
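Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of bind-mount.sh makes the top level of /var/lib/kubelet world-writable with no sticky bit, and that directory holds the kubelet kubeconfig that the sibling snapshot-update script reads from `/var/lib/kubelet/kubeconfig`, so any unprivileged local process can rename or replace entries there. If some consumer genuinely needs write access, narrow it (`chmod 1777` at minimum, or a group-owned directory for that consumer) and put the reason in the empty `#` comment line above `MOUNT_POINT`, which currently documents nothing. Separately, `mv "$KUBELET_DIR" "$MOUNT_POINT"` runs under `set -o errexit` and aborts the oneshot if /var/lib/kubelet does not exist yet; guarding the `mv` with `[ -d "$KUBELET_DIR" ]` and adding `mkdir -p "${KUBELET_MOUNT_POINT}"` before the `mount --bind` keeps the bind source present on every path.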
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line163.sh
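Review bot: The bind-mount unit declares no ordering against kubelet.service, and the kubelet unit rendered at line98.sh in this diff only lists `After=network-online.target containerd.service`, so nothing guarantees the /var/lib/kubelet bind is in place before kubelet creates its pki and pod directories there; add `Before=kubelet.service` to this unit's `[Unit]` section (or `After=bind-mount.service` on the kubelet side). Also worth confirming on the target image: the unit pairs `Type=oneshot` with `Restart=on-failure`, and systemd releases before roughly v233 refuse any `Restart=` other than `no` on oneshot units and fail to load the file, which would make the bind mount silently never run.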
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
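Review bot: The interface name `eth0` is hardcoded four times in enable-dhcpv6.sh (three in the heredoc, once in `sudo ifdown eth0 && sudo ifup eth0`), and the `sudo` is redundant since the unit at line156.sh runs the script as root with no `User=`; hoist it to one `IFACE=eth0` variable and drop `sudo` so the NIC name is changed in one place. Because the whole chain runs under `set -e`, a failing `ifdown` leaves `ifup` unexecuted and the oneshot failed, which on a single-NIC VM is the worst outcome of a provisioning step, so the note above the chain should say what state the interface is expected to be in when `ifup` does not run. The multi-line `NETWORK_CONFIGURATION` passed to `grep -qxF` is treated as several patterns, so the stanza is skipped whenever any one of its lines already exists; a one-line comment on `add_if_not_exists` stating that this is the intended idempotence rule would spare the next reader the surprise.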
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line222.sh
+++ /dev/null
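Review bot: The idempotence probe at the top of ensure-no-dup.sh, `ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null`, only proves the chain exists; it does not check that the `OUTPUT -j AKS-DEDUP-PROMISC` jump added at the end of the hunk is present, so a run that created the chain but failed to link it is treated as complete forever after and the dedup rules never take effect. Probe the jump instead, e.g. `ebtables -t filter -L OUTPUT 2>/dev/null | grep -q AKS-DEDUP-PROMISC`, and flush or delete a dangling chain before re-creating it so `-N` does not fail on the retry. The `bridgeName`, `bridgeMAC` and `podSubnetAddr` values are expanded unquoted into `ip`, `/sys` paths and ebtables arguments; they come from a root-owned CNI conflist so the exposure is low, but quoting them costs nothing.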
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line301.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line308.sh rename to pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line301.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line315.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line322.sh rename to pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line315.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line77.sh 
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line91.sh 
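Review bot: `get-apiserver-ip-from-tags` returns whatever string sits in the `aksAPIServerIPAddress` VM tag and the main loop writes it straight into `/etc/hosts` for the API-server FQDN without checking that it is an IP address, so anyone who can set tags on the VM/VMSS can redirect the node's API-server resolution (`cut -d":" -f2` also truncates any value containing a colon). Validate the value before returning it: `if [[ "$tagValue" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then echo -n "$tagValue"; return; fi`. Two smaller issues on the same path: `[ -z $clusterIP ]` is unquoted, and `sed -i "/$clusterFQDN/d"` uses the FQDN as a regex where each `.` matches any character and can delete unrelated hosts entries, so escape the dots or match on a fixed string. How tag write access is scoped in the deployment is not visible here, so the threat model is inferred.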
+++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line98.sh 
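Review bot: The service on the new side runs `reconcilePrivateHosts.sh`, which executes under `set -o nounset` and reads `${KUBE_API_SERVER_NAME}`, but the unit declares no `Environment=` or `EnvironmentFile=`; if that variable is meant to be present at run time rather than substituted when the script is rendered, the script aborts immediately and `Restart=on-failure` will loop it. Add an `EnvironmentFile=` pointing at wherever the node's API-server name is written, and consider `After=network-online.target` since the script polls IMDS as soon as it starts. Whether the fixture's literal `${KUBE_API_SERVER_NAME}` is a render-time or run-time placeholder is not visible from this chunk.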
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData index b45459b1b58..29711340dfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
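Review bot: The bind-mount check in `ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ..."` is a substring match over all mounts, so any mount whose path merely contains `/var/lib/kubelet` (for example pod volumes under `/var/lib/kubelet/pods/...`) counts as the bind mount already being present and the `--bind` is skipped. Replace the pipeline with the purpose-built test: `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"`. The `ExecStartPre=-/sbin/ebtables -t nat --list` and `iptables -t nat --numeric --list` lines dump rule tables into the journal on every kubelet start; if they are intentional diagnostics, a comment saying so would help the next reader. This is a rendered fixture, so the change belongs in the template that produces it.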
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line112.sh 
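Review bot: `ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}` relies on systemd expanding `${GPU_INSTANCE_PROFILE}`, but the unit has no `Environment=` or `EnvironmentFile=` line, so unless a drop-in or the rendering step supplies the value it expands to empty, the script falls into its `*)` branch and exits 1, and `Restart=on-failure` restarts it until the start-rate limit trips. Either substitute the profile when the unit is rendered or add an `EnvironmentFile=` for it. Since partitioning is a one-time setup step rather than a daemon, `Type=oneshot` with `RemainAfterExit=yes` would also let `systemctl status` reflect whether it completed. Where the profile value comes from is not visible in this chunk, so this is inferred from the unit alone.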
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
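Review bot: The new side runs `nvidia-smi mig -cgi ...` and then `nvidia-smi mig -cci` with no error handling, so a failed instance-creation call is ignored and the script's exit status is whatever the final `-cci` returns; the unit's `Restart=on-failure` therefore cannot distinguish a partially partitioned GPU from success. Add `set -euo pipefail` after the shebang and read the argument as `MIG_PROFILE=${1:-}` so a missing profile still lands in the `*)` branch with a clear message instead of a nounset error. A trailing `exit 0` would also make the intended success path explicit.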
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line127.sh 
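Review bot: `golden_timestamp` is read from the Node annotation `kubernetes.azure.com/live-patching-golden-timestamp` and spliced unescaped into the `sed -i` replacement that rewrites `/etc/apt/sources.list`, so whoever can annotate the Node object (which, depending on admission policy, may include the node's own kubelet credentials used here via `/var/lib/kubelet/kubeconfig`) can point apt at an arbitrary path under `snapshot.ubuntu.com` or, with `/` and `&` in the value, at a different host entirely before `unattended-upgrade` runs. The second `sed` already spells out the expected form, so validate before using it: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format: ${golden_timestamp}"; exit 1; }`. Apt's signature checks still bound what a bad mirror can install, but repository selection should not be attacker-influenced. Separately, `node_name=$(hostname)` is assumed to equal the Node object name; a comment stating that assumption would help, since a mismatch silently skips patching.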
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
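Review bot: The timer on the new side is installed with `WantedBy=multi-user.target`; systemd's convention for timer units is `WantedBy=timers.target`, which keeps it grouped and ordered with the other timers on the system. Change the `[Install]` section to `WantedBy=timers.target`. The oneshot service in the preceding hunk correctly has no `[Install]` section, since the timer is what activates it.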
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line149.sh 
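Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line makes `/var/lib/kubelet` world-writable, and elsewhere in this diff that directory is where the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`) and the credential-provider binaries (`/var/lib/kubelet/credential-provider`) live; with mode 777 and no sticky bit any local account can unlink or rename those entries and drop files in their place. The reason for the broad chmod is not visible here; if a specific component needs to write there, grant that to its user or group, otherwise drop the line or use `chmod 0755 "${KUBELET_DIR}"`. Also note that `mv "$KUBELET_DIR" "$MOUNT_POINT"` moves the live directory while kubelet data may already exist, so the unit ordering relative to `kubelet.service` deserves a comment in the script header.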
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
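Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` passes a three-line string to `grep -qxF`, which treats each line as a separate pattern, so the stanza is skipped whenever any one of its lines (for example an existing `iface eth0 inet6 auto`) is already present and appended whole otherwise; the helper's name suggests a whole-block check that it does not perform. Check for the first line of the stanza explicitly: `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` prefixes on `ifdown`/`ifup` are redundant when the unit runs as root, and `${CLOUD_INIT_CFG}` should be quoted like the other paths.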
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line215.sh 
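Review bot: The unit relies on `Restart=on-failure` with `RestartSec=2` to poll until the CNI conflist and bridge exist (the script exits 1 until then), but with systemd's default start-rate limit of 5 starts per 10 seconds that loop trips after roughly five attempts and the unit is left failed, so the dedup rules are never added on a node where CNI takes longer than about 10 s after kubelet starts. Add `StartLimitIntervalSec=0` under `[Unit]` (or a larger `RestartSec`) so the retries continue. There is also no `[Install]` section, which is fine if the provisioning script starts the unit explicitly but means `systemctl enable` would have nothing to do. The systemd version and its defaults on this image are not visible here.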
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line222.sh +++ /dev/null 
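Review bot: `bridgeIP` on the new side is taken from `ip addr show ${bridgeName} | grep -Eo ...`, which prints one line per IPv4 address on the bridge; with more than one address the variable becomes multi-line and the unquoted `--ip-src ${bridgeIP}` turns into a malformed ebtables command that fails silently, because none of the ebtables exit codes are checked. Select the primary address explicitly, e.g. `bridgeIP=$(ip -4 -o addr show dev "${bridgeName}" | awk '{print $4}' | cut -d/ -f1 | head -n1)`, and quote `${bridgeName}` where it is used as a path and argument, since it comes straight out of the CNI conflist via jq. Whether the kubenet bridge can carry more than one IPv4 address is not visible here, so treat this as hardening rather than a confirmed failure.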
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/CustomData b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/CustomData
index b45459b1b58..29711340dfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line91.sh
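Review bot: `clusterIP`, taken from an IMDS instance tag in `get-apiserver-ip-from-tags`, is written into `/etc/hosts` with root privileges after only an emptiness check, and that check itself is `[ -z $clusterIP ]` with the expansion unquoted, so a value containing whitespace makes the test misbehave rather than reject it. Validating the tag value as a plain IPv4 literal before the `grep`/`sed`/`tee` block, e.g. `if [[ ! "$clusterIP" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then sleep "${SLEEP_SECONDS}"; continue; fi`, keeps an unexpected tag from landing in the hosts file. The `sudo sed -i "/$clusterFQDN/d"` line also interpolates the FQDN into a sed address with its dots unescaped, so it matches more liberally than intended. This fixture is presumably rendered from the reconcilePrivateHosts.sh template, where the fix would belong; the Docker variant at L114 has the same content.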
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/CustomData b/pkg/agent/testdata/AKSUbuntu1604+Docker/CustomData
index 9e35c7d54f6..3f742f70bda 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-
+
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line127.sh
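Review bot: `golden_timestamp` is read from a node annotation via kubectl and, after only a non-empty check, is spliced unquoted into the replacement side of two root `sed -i` commands over `/etc/apt/sources.list` and into the apt mirror URL the host then installs from; a value containing `/`, `&` or other sed metacharacters either breaks the expression or rewrites the file in ways the script does not intend. The second sed already encodes the expected shape, so validating against it before the first `sed -i`, e.g. `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "unexpected golden timestamp format"; exit 1; fi`, closes that path with one check. `${node_name}` and `${source_list_path}` are likewise expanded unquoted on the kubectl and sed lines. This fixture appears to be rendered from the ubuntu-snapshot-update.sh template, which is where the check would go.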
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
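Review bot: The final `chmod a+w "${KUBELET_DIR}"` in the new line142.sh content makes `/var/lib/kubelet` world-writable with no comment explaining why, and that directory holds the node's kubeconfig (it is the `--kubeconfig /var/lib/kubelet/kubeconfig` path used at L103), so any local account can create or replace entries in it. If a broader mode is genuinely required, a comment such as `# world-writable so <component> can create subdirectories here; do not widen further` above the chmod records the reason and the intended scope; otherwise a narrower owner/group mode on the directory is the safer default. The empty `#` comment line at the top of the script is presumably a stripped header and could carry that explanation. This fixture is rendered from the bind-mount.sh template, so the change belongs there.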
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Docker/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Docker/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+Docker/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+Docker/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line91.sh
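Review bot: `clusterIP`, which comes from an instance tag read over IMDS, is written into /etc/hosts without any check that it is an IP address, and `sudo sed -i "/$clusterFQDN/d" /etc/hosts` uses the FQDN as an unescaped regex (its dots match any character), so the loop can delete unrelated hosts entries; the DynamicKubeletConfig line84.sh hunk carries the same content. Validate the tag value before it is used, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and escape the dots (`${clusterFQDN//./\\.}`) before interpolating the name into the sed address. The unquoted `if [ -z $clusterIP ]` also misbehaves if the value ever contains whitespace. This file is a rendered test fixture, so the fix presumably belongs in the template it is generated from rather than here.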
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Docker/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+Docker/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+Docker/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+Docker/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/CustomData b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/CustomData
index 767f7f27575..532dda4178f 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
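Review bot: The `nvidia-smi mig -cgi …` call in each case arm is never checked and the script has no `set -e`, so a failed GPU-instance creation still falls through to `nvidia-smi mig -cci`, and only that last command's status reaches the unit's `Restart=on-failure`. Ending each arm with `nvidia-smi mig -cgi 19,19,19,19,19,19,19 || exit 1` (or adding `set -e` after the shebang) makes the failure visible. This file is a rendered test fixture, so the change presumably belongs in the template it is generated from.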
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line127.sh
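Review bot: `golden_timestamp` is read from a node annotation and interpolated, unvalidated, into the `sed -i` replacement and into the snapshot URL written to /etc/apt/sources.list, so a value containing `/`, `&` or a newline breaks the sed expression or points the apt source somewhere else entirely; whoever can set that annotation decides where this node fetches packages from. Check the value against the format the second sed already expects before using it, e.g. `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp"; exit 1; }` right after the empty-value check. `${node_name}` and `${source_list_path}` are also expanded unquoted. This file is a rendered test fixture, so the fix presumably belongs in the template it is generated from.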
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
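Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF` as one pattern, and grep treats each embedded newline as a separate pattern, so the whole block is skipped whenever any single one of its lines (for example `iface eth0 inet6 auto`) is already present on its own, and an `iface eth0 inet6` stanza missing its `up` lines is never repaired. If the block should be appended only when absent as a whole, test for its first line alone with `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}"` and append the block with `printf '%s\n'`, documenting that choice above the function. This file is a rendered test fixture, so the change presumably belongs in the template it is generated from.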
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line222.sh
+++ /dev/null
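Review bot: `bridgeName`, `bridgeIP`, `bridgeMAC` and `podSubnetAddr`, all taken from the CNI conflist or sysfs, are expanded unquoted into the `ip`, `cat` and `ebtables` command lines, so a value containing whitespace word-splits into extra arguments rather than producing a clean failure, and a bridge name with path characters is used directly under `/sys/class/net/`. Quote every expansion (`ip addr show "${bridgeName}"`, `--ip-src "${bridgeIP}"`) and reject anything that is not a plain interface name, e.g. `[[ "${bridgeName}" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1`, before the sysfs test. The `ebtables -N` and `-A` calls also run unchecked, so a partially created chain is still reported as success by the final `exit 0`. This file is a rendered test fixture, so the fix presumably belongs in the template it is generated from.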
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/CustomData b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line307.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line307.sh rename to pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line321.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line321.sh rename to pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line77.sh 
@@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/CustomData b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/CustomData index 265f9a4cdfa..3c6955b56a1 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |  
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU

 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}

 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash

-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line127.sh
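Review bot: `golden_timestamp` is read from a node annotation and then spliced unvalidated into both `sed -i` replacement strings and into the apt snapshot URL (the two `sed -i` lines after `old_source_list=`), so a value containing `/` or `&` corrupts `/etc/apt/sources.list` and any string at all is accepted as the snapshot path. The script runs as root and the annotation is presumably writable by anyone who can patch the Node object, so fail closed right after the empty check: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. Apt signature verification still covers package contents, so the exposure is integrity of the sources file and a bad snapshot selection rather than code execution. This file is a generated test fixture, so the change belongs in the cloud-init artifact it is rendered from.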
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service

-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically

-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line149.sh
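Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the new bind-mount script makes `/var/lib/kubelet` world-writable with no sticky bit, so any local account can rename or unlink entries it does not own in the directory that also holds the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`, used by the snapshot-update script) and the credential-provider binary directory (`CREDENTIAL_PROVIDER_BIN_DIR` in cse_install.sh). Nothing in the script says which consumer needs the write bit; if one does, grant it by group or at minimum add the sticky bit, `chmod a+w,o+t "${KUBELET_DIR}"`, and record the reason in a comment such as `# world-writable for <consumer>; sticky bit keeps other users from removing kubelet-owned entries`. This file is a generated fixture, so the fix belongs in the bind-mount artifact it is rendered from.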
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh

 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash

-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u

-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line215.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line215.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line222.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line222.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line222.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line229.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line229.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line229.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line308.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+K8S115/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line308.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line322.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+K8S115/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line322.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line91.sh
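Review bot: `tagValue` from the IMDS tag `aksAPIServerIPAddress` is appended to `/etc/hosts` without any check that it is an IP address, and `clusterFQDN` is used as an unescaped `sed` pattern in `sudo sed -i "/$clusterFQDN/d" /etc/hosts`; VM tags are written through the Azure control plane, which is a different trust boundary from root on the node, so a crafted tag can point the API server name anywhere or delete unrelated hosts entries. Validate before writing, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote the test as `if [ -z "$clusterIP" ]` so a value containing spaces cannot break it. Escaping the dots in the FQDN (`${clusterFQDN//./\\.}`) keeps the delete scoped to the intended entry instead of any line the regex happens to match. This file is a generated fixture, so the change belongs in the cloud-init artifact it is rendered from.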
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $K​UBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/CustomData b/pkg/agent/testdata/AKSUbuntu1604+K8S115/CustomData
index 9e35c7d54f6..3f742f70bda 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary | -  +  
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary | 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
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU

 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}

 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line120.sh 
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line315.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line315.sh
rename to pkg/agent/testdata/AKSUbuntu1604+K8S115/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line329.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line329.sh
rename to pkg/agent/testdata/AKSUbuntu1604+K8S115/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S115/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S115/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/CustomData b/pkg/agent/testdata/AKSUbuntu1604+K8S117/CustomData
index 134b88c9f9c..c08ca59037f 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
 
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKS Ubuntu1604+K8S117/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line127.sh
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line149.sh @@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line307.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+K8S117/line307.sh rename to pkg/agent/testdata/AKSUbuntu1604+K8S117/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line321.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+K8S117/line321.sh rename to pkg/agent/testdata/AKSUbuntu1604+K8S117/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S117/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S117/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/CustomData b/pkg/agent/testdata/AKSUbuntu1604+K8S118/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line307.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+K8S118/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1604+K8S118/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line321.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+K8S118/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1604+K8S118/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+K8S118/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+K8S118/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/CustomData b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/CustomData
index 7d6da19bc41..d1f867e4ee4 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line163.sh
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line301.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line308.sh rename to pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line301.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line315.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line322.sh rename to pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line315.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line84.sh 
+++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+KubeletConfigFile/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/CustomData b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/CustomData index 9e35c7d54f6..3f742f70bda 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line208.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line215.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line215.sh 
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line308.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line322.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+OSKubeletDisk/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/CustomData b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/CustomData
index 652ac6f811e..286678b58c7 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  
+  
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line209.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line209.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line209.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line216.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line216.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line216.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line216.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line223.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line223.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line223.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line302.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line302.sh
similarity index 100%
rename from pkg/agent/testdata/CustomizedImage/line302.sh
rename to pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line302.sh
diff --git a/pkg/agent/testdata/CustomizedImage/line316.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line316.sh
similarity index 100%
rename from pkg/agent/testdata/CustomizedImage/line316.sh
rename to pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line316.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line91.sh
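Review bot: In the new reconcilePrivateHosts.sh the value taken from the IMDS `aksAPIServerIPAddress` tag is written straight into /etc/hosts (`echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts`) without any check that it is an IP address, so whoever can set or alter the VM's tags decides where this node resolves its API server. A one-line guard after the emptiness check, `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, rejects malformed values, and `[ -z $clusterIP ]` should be quoted as `[ -z "$clusterIP" ]` so a value containing whitespace does not turn the test into a syntax error. Note also that `cut -d":" -f2` keeps only the text between the first and second colon, so an IPv6 literal could never pass through intact. The file is a regenerated testdata extract; the fix belongs in the source script, presumably reconcilePrivateHosts.sh under parts/linux/cloud-init/artifacts.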
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/CustomData b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/CustomData
index 04536e4c71c..5af16d4e522 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
- 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 +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line119.sh
+++ /dev/null
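Review bot: In the new mig-partition.sh the final `nvidia-smi mig -cci` runs unconditionally after the `case`, and the script has no `set -e`, so when the `-cgi` call for the chosen profile fails the script still creates compute instances on whatever GPU instances already exist and exits with the status of that last command; the Restart=on-failure unit that calls it only notices if the final step happens to fail too. Adding `set -euo pipefail` after the shebang lets a failed `-cgi` abort with its own non-zero status, and `MIG_PROFILE=${1:-}` keeps a missing argument flowing into the `*)` branch instead of tripping nounset. This is a regenerated testdata extract; the change belongs in the source script it is copied from.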
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line127.sh
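Review bot: In the new ubuntu-snapshot-update.sh the `golden_timestamp` read from the node annotation is spliced unescaped into both `sed -i` replacement strings and ends up verbatim in /etc/apt/sources.list, yet it is never validated against the `[0-9]{8}T[0-9]{6}Z` shape the second sed's match pattern already assumes; a value containing `/` or `&` corrupts the replacement, and any other string redirects the mirror this root script then runs `unattended-upgrade` against. Validate it right after it is read: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. `apt_get_update` comes from the sourced provision_source_distro.sh, which is not in this diff, so its failure handling cannot be checked here. This is a regenerated testdata extract; the change belongs in the source script it is copied from.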
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line149.sh
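Review bot: The last line of the new bind-mount.sh, `chmod a+w "${KUBELET_DIR}"`, makes /var/lib/kubelet writable by every local user with no sticky bit, so any unprivileged process on the node can create, rename or unlink entries in the directory that holds the kubelet's kubeconfig (the snapshot-update script elsewhere in this diff reads it via `--kubeconfig /var/lib/kubelet/kubeconfig`). Nothing in the script says which non-root consumer needs that access, and the bare `#` line above MOUNT_POINT looks like a comment that was stripped. Unless such a consumer is known, `chmod 0755 "${KUBELET_DIR}"` restores the usual root-owned layout; if one is, a comment naming it and a group-scoped mode would be preferable to world write. This is a regenerated testdata extract; the change belongs in the source bind-mount.sh.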
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
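Review bot: In the new enable-dhcpv6.sh the idempotency helper is called with the three-line NETWORK_CONFIGURATION block, but `grep -qxF "${1}"` treats each line of a multi-line pattern as a separate fixed string, so the block counts as already present whenever any single one of its lines (for example ` up sleep 5`) already exists as a whole line in 50-cloud-init.cfg, and the `iface eth0 inet6 auto` stanza is then never written. Testing for the stanza's first line alone before appending the whole block, `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || echo "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`, gives the intended all-or-nothing behaviour. The `sudo` prefixes are redundant when this runs from the root oneshot unit defined just above. This is a regenerated testdata extract; the fix belongs in the source script it is copied from.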
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line209.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line209.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line209.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line216.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line216.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line216.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line216.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line223.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line223.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line223.sh
+++ /dev/null
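Review bot: `bridgeName` comes out of jq unquoted in the new ensure-no-dup.sh and is then expanded bare in `ip addr show ${bridgeName}` and in the `/sys/class/net/${bridgeName}/address` paths; when the conflist has no bridge plugin jq prints nothing, the path check degenerates to `/sys/class/net//address` and the script exits 1 with a message naming an empty bridge, and any unexpected characters in the name are word-split into extra arguments. A guard after the two jq lines, `[[ -n "${bridgeName}" ]] || { echo "no bridge plugin in cni config...exiting early"; exit 1; }`, plus quoting `"${bridgeName}"`, `"${bridgeMAC}"`, `"${bridgeIP}"` and `"${podSubnetAddr}"` where they are expanded, keeps the ebtables arguments intact. This is a regenerated testdata extract; the change belongs in the source ensure-no-dup.sh.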
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line302.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line302.sh
similarity index 100%
rename from pkg/agent/testdata/CustomizedImageKata/line302.sh
rename to pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line302.sh
diff --git a/pkg/agent/testdata/CustomizedImageKata/line316.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line316.sh
similarity index 100%
rename from pkg/agent/testdata/CustomizedImageKata/line316.sh
rename to pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line316.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line84.sh
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/CustomData b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/CustomData index 652ac6f811e..286678b58c7 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line105.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line112.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line119.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line120.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line127.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line134.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line141.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line142.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line149.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line156.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line163.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line170.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line209.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line209.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line209.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line216.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line216.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line216.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line216.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line223.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line223.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line223.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line309.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line302.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line309.sh rename to pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line302.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line323.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line316.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1604+TempDisk+Containerd/line323.sh rename to pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line316.sh diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line40.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line77.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line84.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line91.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line98.sh b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/CustomData b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/CustomData index 708eba045fb..be1683e4679 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |  
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line309.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line309.sh
rename to pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line323.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+TempDiskExplicit/line323.sh
rename to pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/CustomData
index e32a0be1d1d..d16f98177f7 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  + 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
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |  
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line112.sh
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
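Review bot: The mig-partition script has no `set -e`, so a failing `nvidia-smi mig -cgi …` in any case arm is ignored and execution continues to `nvidia-smi mig -cci`, whose status alone becomes the script's exit code; a partially applied MIG layout therefore looks like success to the unit's `Restart=on-failure` (line105.sh hunk above). Adding `set -euo pipefail` after the shebang, or `|| exit 1` on each `nvidia-smi` call, makes the failure visible to systemd. The same script appears again in the AKSUbuntu1804+Containerd+Certsd/line112.sh hunk below. This is rendered testdata, so the fix presumably belongs in the template it is generated from rather than in the snapshot.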
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line127.sh 
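Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into the `sed` replacement and into the `https://snapshot.ubuntu.com/ubuntu/…` URL written to `/etc/apt/sources.list`; the second `sed` already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`), so enforce it before use with `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format"; exit 1; }` right after the empty check. A node annotation is presumably writable by any principal with node patch rights, so an unexpected value here changes which archive the next `unattended-upgrade` run installs from. `cfg_set_option` likewise interpolates `$option` and `$value` into its `sed` expression unescaped, which is fine for the fixed `apt_preserve_sources_list`/`true` used here but deserves a comment saying it is not safe for arbitrary values. The same script appears again in the AKSUbuntu1804+Containerd+Certsd/line120.sh hunk below.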
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line149.sh
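Review bot: `chmod a+w "${KUBELET_DIR}"` at the end of the bind-mount script leaves `/var/lib/kubelet` world-writable, and that directory holds the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`, read by the line120.sh script above) and the credential-provider binary directory (`/var/lib/kubelet/credential-provider`, see the line40.sh hunk below); that is more than a root-run kubelet needs. If a non-root writer genuinely requires access, name it in place of the empty `#` comment and grant it by ownership or group instead of `a+w`; otherwise `chmod 0755 "${KUBELET_DIR}"` is sufficient. With `errexit` a failed `mount --bind` exits after the data has already been moved to `/mnt/aks/kubelet`, so a log line before the `mount` call would help triage when the unit retries.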
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line215.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line215.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line222.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line222.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line222.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line229.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line229.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line229.sh
+++ /dev/null
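Review bot: `bridgeName`, `bridgeIP`, `podSubnetAddr` and `bridgeMAC` are taken from the CNI conflist and `/sys` and only checked for non-emptiness before being expanded unquoted into `ip`, the `/sys/class/net/${bridgeName}/address` path and the `ebtables` rules, so a value with whitespace or an unexpected shape yields a different rule set than intended while the script still exits 0. Quote every expansion and check shape before the rules are added, e.g. `[[ "${bridgeIP}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]` and `[[ "${bridgeName}" =~ ^[A-Za-z0-9_.-]+$ ]]`. There is no `set -e`, so a failed `ebtables -t filter -N AKS-DEDUP-PROMISC` is followed by the `-A` lines regardless; `|| exit 1` on the chain creation keeps the unit's `Restart=on-failure` meaningful. The three `cat … | jq` pipelines can be `jq -r '…' /etc/cni/net.d/10-containerd-net.conflist`, and the `$?` test at the top reads better as `if ebtables -t filter -L AKS-DEDUP-PROMISC >/dev/null 2>&1; then`.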
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line307.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line307.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line321.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+ArtifactStreaming/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line321.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line91.sh
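Review bot: `clusterIP` in the reconcile loop comes from an IMDS instance tag and is written to `/etc/hosts` without being checked as an IP literal, and `[ -z $clusterIP ]` is unquoted, so a value containing whitespace makes that test error out rather than return true and the value is still appended. Validate before use: `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`; the `cut -d":" -f2` parsing would truncate an IPv6 literal anyway, so the tag format is effectively IPv4-only and the check should say so. `sed -i "/$clusterFQDN/d"` uses the FQDN as an unanchored regex in which `.` matches any character, so unrelated lines matching the pattern are dropped too; escaping the dots or matching the whole line is safer. The `sudo` calls look redundant in a unit that presumably already runs as root (no `User=` in the line91.sh hunk below).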
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/CustomData index a538d1e9197..b1b64a83866 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - 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 +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line163.sh
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line309.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line309.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line323.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1604+TempDiskToggle/line323.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line91.sh
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line149.sh
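Review bot: The closing `chmod a+w "${KUBELET_DIR}"` in bind-mount.sh makes /var/lib/kubelet world-writable without the sticky bit, so any local account can create, rename or delete entries at the top of the kubelet state directory, which the snapshot-update script in this same diff shows holds `/var/lib/kubelet/kubeconfig`. Nothing in the script says which non-root component needs write access here; if one does, grant it to that component's user or group, and at minimum keep the sticky bit, e.g. `chmod 1777 "${KUBELET_DIR}"`, with a comment naming the consumer. The bind-mount itself (`mount --bind` after the sentinel-guarded `mv`) is fine, but note that under `errexit` a failed `touch "$SENTINEL_FILE"` after a successful `mv` leaves the next run trying to move a directory that no longer exists.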
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
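Review bot: The idempotency check `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not do what it looks like for the three-line block: grep treats each line of a newline-separated pattern as a separate pattern and `-q` exits 0 on the first hit, so if 50-cloud-init.cfg already contains just `iface eth0 inet6 auto` (or any line equal to `up sleep 5`) the dhclient stanza is silently never appended, and a match never proves the whole block is present. Key the check on the one distinctive line instead: `grep -qF 'dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf' "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` in front of `ifdown eth0 && ifup eth0` is redundant since the enabledhcpv6 unit in this diff sets no `User=`, and `eth0` is hard-coded, which is worth a comment if the image guarantees that interface name.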
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line314.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line314.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line328.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd++GPU+runcshimv2/line328.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line91.sh
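Review bot: The `aksAPIServerIPAddress` tag value fetched from IMDS is written into /etc/hosts without any validation: `get-apiserver-ip-from-tags` returns whatever follows the first `:` (and `cut -d":" -f2` truncates at a second colon, so an IPv6 value would be mangled), then the loop runs `sudo sed -i "/$clusterFQDN/d"` and appends `$clusterIP $clusterFQDN`. VM tags are presumably writable by any principal with write access to the VM or scale set, so that principal controls where this node resolves the API server FQDN; at minimum accept only an IPv4 literal, replacing the `-z` test with `if [[ ! "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then echo "ignoring non-IPv4 tag value: $clusterIP"; sleep "${SLEEP_SECONDS}"; continue; fi`. Two smaller points on the same lines: `[ -z $clusterIP ]` and `echo $tagKey` are unquoted, and `$clusterFQDN` is used as a raw sed regex where each `.` matches any character, so the delete can also remove unrelated hosts entries that differ only in one character.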
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/CustomData index f83ec9d1f24..3aa07a25cdf 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/CustomData 
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/+x9/3fbNrLvz1d/xZRhYykNKdvp7u1zq9yqspLqxZZ0JDndfYmrQ5GQxJoiVQCU7Sj8398BwC8gCUqynW67e+7uOUkjAIPBYPCZwWAAPvuqOXP95swiy1qt05mOu6P3vU532utPJ5fDVjNY06b1KcSoaQc+tVwfYdK0bWONg7t7kyC8cW1kuj5vO+i8604ObRrYN4jylv3etDPov+m9nZ73Ri2tiajdtH236SNqOhov/6nXjwsZVVY4c32t9mwyOB/AOvQ8oEuXQBBSCOZgB6t14CPqE/M3EvhAg+B/OJnzwS/9i0H7fFwg5gS3vhdYDtFqnVGvM7lIa8oVsWtTT1E3Yy4kuOkFtuUJ9jqD/qTd63dH5+qeE7E4MtHRVb+jrI5D35YrvvturKx3E84Q9hFFpFh7OOq9b0+602G78679tjuedtqdn7t7mjbX2N1YFBlry76xFiimNeq+7Y0no39OR93hoKUFhLAxW9hFRCKj1a5+uupPrqaj7kW3Pe629LpHZlOMPGQRBAYGgzRqg3FLr7tz8AjwyX9hJBVOXkPTQZumz6b49PXzk++BLpEPJMCUtS5U/wwL6/YGjlYWtZd1/fglNH+t986nF7133VbdDjAKSONz77xVN180GnrzJVgN2MIauz4FGoTrNcJ168PpNVgfXl03vgd051KIjr6Huduojbudq1F3OrkYT38aDCbjyag9nL67+ql70Z1Mu//odqbDi6u3TBnKyiMWAvXILAgoodhaa4fTe98djXuDfkvbHJsn5rFheeulZZ5qtUn3ojscjCbnO3qmyEPrAFMnr7nd825/0mtfTIejwfveeXekVnnkIJ+6lrfGwcZ1EN5HJFsLGws3PXfGlcFDMi0jIaYYQOVaumz3e2+648n0Te+iO2xPfs4JdmX57hwRytc7W3iXw0G/25+M1dVjgPApiRtctvvT85+m7avJYHo1PGeL5M1F+63cOhnPyvINZ9a0QhoY4dqxKNJqnavRxXRwNRleTVpNulo37RB70w3Cs4AgMwhpsgwG42m/fdltaeLfrOMRA4isIP5Bq3WGV9P2qPNzS9NqDrI9CyMwLPilPb4c/9y7HPbOx616Qy4aD3t9pj5JUY0g2hletbG9rDdgWwMASKnq9UVa2qhFtRpGq2CDLi3/fNYOaXDFh/bGsxZvXA+l7fEKjDno++TFCNoYWXQvQRqE9vJAgh6y/HDdSWHz3GOkSI45PAe9CncZEdcn1PK8jMgvLl12Un34vyTwU3oBaenb/MxFvMCdw4cPYHwCTc/jmwbX1wKieL2UyGAcST8wzSBu4Lc0O8QY+VTjhcgjSFkrZSLuJRL15y7/i/+R2ZKhgOmWXv/td9DMYYLaoOmKZaHBZ+D1PlzDZyDIQzatm761QtBqwUcto/tRa2gN+PxZYKLeHY2mkpxjiJr2+u/bF71zzlNsZpIyrpOx9FxyaWFGdoDbbEVeuH54BxoXlAbPnzPxavq2N56+a0/akcaY0SgOUZWAk3XEqufnKpaSWKqxNN4LyRLWR0lyERPVNiDJ38k8xFLnfzzL9OeIwCYhZ2Fs3YNLAN2tkU2RAzSApbVBEPjePQQ+AuShFfKpKcj05uBSWFoEVgFGQJeWL9d6CbcIbl3Pg1ht2cjBswhNaoDr8994z6aknPr2WVH+H368jsBYUDgpCxHZywC0X9qjfq//9kxSJ4jNfnGQlTyb0BO8uv5iD7s5Nd7DNvodjpn26dtS+fF1xPXjh/G73vC1VjW4Xv/N4JCRselz6RJhQKs1vYcAc5bnLpbHQUB0Z8L4xl2v2WAl0vF0WdQN/HiYHKAQDbEPx/K4e2/GLf3oo3/EnRrkFFS0Vdfrwtt5Dz/88IOmGP+L60hriKUV+gRRRpL/i49nStxPqKVvnynJM+Hy
ukz29XrWwjhpNMDwKBzD9TVbkWwap67voLsWnwjp36WGnOI611NL36oZ0LcZpShmJpPkpfVbgC9dP8BD5tO9TyGxLiZVz/fC4MwOKRiOAcb8pKEVyP0c0Dfu3YOoEDDmpzEhpqMC9vdxqME1E9KHg6oy5WUerrJRjuVcXaWWu/7G8lxHVsZYv8+gOMys6aGQHuusFyzIlAZTtGE2E7T2u7HZGXfNonEdhT51Vyj5fUwt37G8wEcZfGqM5cpSkPFZLb4oVycnrRixE8FABXtgQHnY0AJ9m5dXpNUqPYjL2AHN+Q/cfZVmIrEkki7NQdNLrm15bndSyqu45DYwD8DAYGaFJnIWSNllI9MGzpnC6eC6d/KdefxtmcF9PBzJTKxd30eOqZ18d/ytdrSPnVjnct5RtbmKewY/oDAPQp9hMSTbg5fgoLkVepTbJmaasWMHDuNFVm9pIGumafJwYsAoj3Uf9Ewx2rgPpLILd/KsKaGjWGUnzqT8PQJjJIhRDGk3zPT640n74mI66V12B1eTPx9m8lLLw0sqpCdDS2V/mgpjYnIpshzQL9sJjvrdSXec67f8c6RJ/pemb/vd7vlYmqFIg6+qve+Ygctgdg9Fd07Am3LXwV2K336Ho3SDotyASPsPrXEEP4CKGkhBIqW+xl0UtjNMHQklDB9UVCW37YA9Y+2//ks4d7IMdvbuBIhwlOJs7OFir82RlKaP6G2Ab4ZeuHAzWyRN7+SXwehdHHBhqA4aj4pUTy7fonX6vdz8xhz1e/AMoznCyLcRrHmnxITLgFDvHuYBhptwhnxEYRZS8IJgPbPsm7gic6NDghyY3csYznRYtnZwmt/eFyO58BzY+JPQVCeNNA3jQFMW/tgV97oaXbC99r46Z63cijF8OKBRpJCujVEKktN5gKcBtkgrNQ77SDJTscBoDUYwhKPNR+eb+kfzo/NN48URX0kOHJHmr5tmk/1ziSyHsXrSSCZR9lAYI0lQbhpir6Wf5keol6qUh7NXtmUiOV5WN46LwViDvi86KepnMdPhaMDWS4ZZWXR63B29747YtD6gunKGH9BeNdmZpIVqZnJI1JYJJFODB/bY1LelqHwkop2GZWNDEX092+hbpQpGhuf64Z2hb5NoYaTtnOXJ2//Hj3wOWAfPnr1oRho8gyuCYGaRJcxCl/lj8EzeJeN7e+VMF4hOqYVnludN5zhYTTFauITi++mtS5ecVzg5PYa/7Vst571RU9/BOY/0HDw3kZYPgw1G7fF0eHVxMWVT8Kbduyhu+HN6/gdL8BD02CcPME0T9gNQrWq2vtSs7GWhEI/cVVv2L4WMMjsBiaGAZMKRAyS0bUTIPPS8+5xTVm1e9jmspZZmtc3SoLpMRM4tDMbdp/lBYt7ukHOkgdE5AHVzIF2hqfH5TQwY9jK49cEYAQ4Cesb+OKzdarPXprLKu/FN29dXs6phzPsqcOC///a3p5FJnJb9o5FdmDGyQ4wmF+OfkuPCd+IYrXuH7IJnJyyLcKi48daWlK7JWbN58x2JT0aJOfOCmWkHGJm3ru8Et8T0EW1aN8SgHjHSU0nD9lzk06a+fejpZNTkVqNprZy/f9tUEZVtql53SXt0+fdvG8zNVwSk/zrjwaud4ym7L486J65Jg06tztqiS2YTHkUxqmA62559JTZoql7LW/8U5935dG65XogRvGIo//djsJlDaMzHF2AElQTT30PsFSxoyvbBA5XRvBJpHiU2TaLJEMAYxSDwBGpzly3uW4us+IFll+34qqOErN507nqIT7++PYmkemTprtJ4lL49lcsSR46E87l719K3r4otuXVK5qVV1/Ttj2ffRloD5O0Az+O4VwS9tnLnzAsCisEEI45Ssc0eq8H2snHlXH8ffryOtO/BCfKRxlgLt1USiKREGYMRNQTtyNC3eVbZL3kZROpIZeyWnUAxyOgEPpI8BObKMF6A8ULinTob5kO4fXEQnzX5fAjUcWaLrMZMqPWGrDnp
MmP/pEItYpVJjory27DtaQSy5RDxiYQ5EqvFK64W6YknG3USWxXzW2xXnt5qvSNr19dAI567WFKtkVOID6DpuZDlsfmdeazYUrH/lYh/06prt7dEohlPbSEayyeNb3XraGN5cZDmPKbCXMvspC23kc8Ip/5ZeYZAL81KLjSa9A7aJhtr5ZqBvG7eWgw3t3ImSHqM9x8xTeKsXiHWIcIrl4jDWoWEDxJmJks5ZKRaZI/CZ6WK5WG6AOH/MpCG1PTnLVH+GCA3OiZHmZ4GmrE50XbBuyL+KiEio85hkYDlYWQ593IYtoqNlyIJwg8ozFC67lx/UTpbz7lk/7II0VdgfIKHBWyqIkRpiIN7vg8MAuWyMB3kEs+akaZS/GcFRdkV8xGc8RmJZ33xaUpX61blhKn7LPdhUgubi0+1p8V+tmXWIg30rSzLqCpmI53PMERNOeHb6093zDUpkxc75qrRpzT4PvYQGaWOQn5OxFJ7EIGip7E5kZbISrhaivHsWkYP9+sO2itsxGbh4NFVe31qMYXYq6TBWpy+fn7C0BEh0KUETnidZRwnAfYuaL/WGeNn5ovG5/oH1L3G2HzR0HmuWt22aJ7E8+eSqr0bXY0nbI9QDEU14HkqMdmYf9Oq6181cnbqEIv4B2woqqzRqy+xZXikbslxmS+jOzlJJ6fEa9d/F87Q013tQz3tR7tvkhCYv3YTztAXcmwTIezzZuVuc06Y0m+V05Sf5LfKmlBisKQCjEljc6r2/9TTrRriAX5ffha+qO+Xnarv4q1y7BX5HBXV93hopW7/10t7hJeWSFE5Z1/EScuHVkqzFu1eKSWnLAbQx/lkWsEp0x7qlR3uwkApR/6RXskDlpdWhYrVTf4yXogMy7EHkpnDAbYy/4LPkuK2EJt/+X5QWrf7j8mo3Zl0RWUGnKAglDOYvCi598RxshBkLzFRk+J2UgY64zy1LLpM1jRNicfJ5bClb0sc8dPW6sPWnYefJRabcQfizE3Rm2qTkpZ3R6PBqBy939OLGvHZ5h92Ny0kKJmqND4VgzK0H96ZMDFxJyR0Ann/tWeIbCtW1rNmdvymIiHn71XrSJLmVDgONvl5sNq9Krjhwgc4OTOiYkYJPwYpR8sYVdAwIqFHW/qWo6RUyhjWRWkN1FY1G5gm+zhJFlfKYLaYtieGflZKqxIcv+93J1NWJk43xsk6PTN0VVHpgpSqUuUdDVVlcIUaEkRN6N65lHkUZqVPwVMs+r00pULfqog+ZV2XBNXUt1KPfGkrRVPIVpDIpOdZuTQ216ZeOlvP3DnoJ/x2ympN718CtW4QP1cuXViOwCJJpjNsLC9EJgzoEuFbl6C43QmrQ5dIlNdkt//cxUJl1cSjgvJIzcQdFNnrFZemJ4tPk9VaaDOXfF7I/LYks65wEptjTaba1LcyGS7fckSnyKok0TT9IifQiquQnGtxLS+9ulIX/YNhJChxmrPPcbJdXCup02wujhr55Ms84TiztnI1pJBUbMcvuYvOEh89BSoTSHIhKTdu1oZaeIFoBnWKbOCvzReReay4kBjLlyt593LY0gQDxibVkuTgvDLMpxUOEGILplCyZko06S+qOFmQ8ivKqpqrKWS6xsiwLXuJnESC6U2BswrJacqzQ9XBhejiymd7V34jTPTg+jTIOMynuiShxk93m4fIgtm8IsHCYXh2Eq7nK8Z6qthH76gojrCTVTlJLpUXclHyzpyQUXbHO/XnTh+SCaLYMqbmRd/m3aeKhZSwzbAJ1ha2VogizIMOFSNiGymuGQt3g5RXGLJhyQ5Q+UYj57Ikg0pW0+v6uZssT+AiA+qdrwXsR+TtzvZR9tAAg4TygPnmLzdbTWW9jI60OdxWjzWSEL5KLR+vaZ2r0ajbn2SqW88maI81KM/kJrMIwjmctEdvuxnx+Ag1YZmg1QbhTrBaW5hb+jwvZ4Z2bB6bx1rEFCxHKVKHeYQR8SRjAWUmS/1EzOdY8Mv8WNz2rQcY0O+h
5QENGolRmVkESUQKDJWtUmGuTIXJqVqbu1SRw0Cp+/yJzJfQ5KqXKw7S3+TOE1dfVTjzC5OPoSC1lbvHzxYUQTRcd/q9cxcTxYZBepOnKtFTUUdKp8qVKohnDwLtpF+qllmyfGlUy9xAaQskb6Qr7il9/gxfHXRTyXeN+PrLE64qpVca/QAkipC9WAJrjAjyKczjCAe/TxNfZgR+mzFdOMznOzG/NU9MmCxdAmQZhJ4DCGO2gjfIp6Hlefca7Dx/zWJ65S1iE6O57buJgwdprqZlE2Plso5MnqWLnAXiKZrSqJobzlwWDJXKYieSZ5Maop5JWQ+x0ufPaUUa9AH88UTngmJWJeo/s7xb657AbyGhEBIEt0uL3/z3XEIRv1haeEgGSAC3CJzAP6Li3QcaALn3bfEyg+27X/h1jkxequc5+j3lJe74BYt+j4d4GKsYMTUAm9kZaxaEVDynNQsp3Fp+/I4FRkwG6nc0bpeuvQSMfg9djAi48fsWqgdU4A98QSXGuQPeTvlT3iCpehCl+m2SVGEOepQkXt720vIXXPXig7d/txdBHvMkQem1CdUzIbUDvMEMCzma9EbiYo4CmvCKQZPilYDEkTmclEC5ClLyGUa8bpwdYai4H9WG+RnbS9gesjDTjhVDNOSLtX4rLMMGYVha6zXyTbAICVcIXEoAI8+KYYBPoOtzoNgguLAoIhTe/3yeWBeBe0sEoU8t/BICz0G4VEgXn0yQ3TIleudH1HyRA2+oeheAQVtiu+J+kzDJjLH1yV2vk0unhYfAFOpXgaKJldjn+mS7k1IA9slhSlmtcjHIr5mtjNKYRe0L6M6jpqg8Q/nIz95IqjLms+eaVSJnsxj5zq5U5W40y7NZvFi1l0GVQ/EA1UB3FFs2fRfO0E+xF1Q4QLj5TrZmcbZKXBTOUHIeKw6iT+Vil0zjtxvj0ldagW56WDd1XNzS9G+1WqFGfLjKYwHM72jp20KvIp4rA2u+X4auzGqWp1Kiz+z07hcqmaKpGIq0mlq35NpVihTvi0U4MDFr+ZZZeHB/GLD2ELqcZpwyEWsBs5w0n66H55B/CTF5T9F4oSqwqWe8KC+6gqRLU79DuOnyzw6Lys3lGXDJKD7hv8Ien4e8vpRyhKUwHaLIpkW1fgllGi/BImkSBvBKXJDMQ+VpCDQQz8JamLpzJlrROD+H+8WSvWRq+IGDDohsPz6JNa+v5TEffOn4UUshNXpaBfn8EOWgt6xp+/eQDxum/Mht6dLXlxioqoPKocb/mSx1bigMii2fzAO8amnks/ni83ND8JF46J81MAyyDG6zmsgx2PIizMxsFIx/THs0DEKxuzYyR6X1itmc/NoH6eFepqcyUFSW2dQry1oKHdUK4q2Am/xg4Vo8LVTdhmFXqU1x77GTp/wpgMLczC3mfJfDuyuVlkinG7H/EF+1fScG2PYd9l9DHNzdZ57b1XgyuOS3/5g1b4/+WX5GpFxFfjwksXS7SKjqyDQEaoaE7atiETAsPAN101yM9CXYIaHBKmmwZ0RR7h2aaXy4PHXnU55+7C9azMbXytl2++iqp+lRZq92oH9YPb+mwh3TQPGj+iGlQ4bLdbP4wI5KnllF5OUkundqVUmLf5pA9nPLFae8rgWkV4KO6h2rAvholehT0bj4+lF8al89SVq1c/uF007zjtK5cJTSxwFgjQN+Wpe6Oy6BDnM/H+UXCSP+hAxX5WM0BV/qbKOch10prsn/8i/fT7qXQ77/fDMaXKadtjT+ELfyMXwoUfzzFogs59hwCentG2BUy42CfwrhDMQr3jzCYge+4/JcfXuJ7BsIfCgYEgh8G8FomEQMXR7oQRZBTt47ZwBUr8eXOtQDSZ4t1EyNP1wIr1tw8t+NBg+kxk8oFbqvuJz9JwNWkckCYld6hMnp4sNAp6K6tovcDgCsqK7VpOMx65u7CuNaYVprT7HK0FwGK9Rc3q8RZj8a6TKE58znYmiU3mvqraxF9shh56I3
nQwGaSJJBji9y/bbrsgxOZU8IUYriTG7K7HnVjSKQLhM+jbpIXdNQPpZHOxRrD3ApLJ+GSM2xaa6ew00VSr6KZzwXZJN2a6C7w/Wlo3YLtV0g3hAHLx1BVV+MBbfuqLuCjn8YyiJRHZKY+NawAeZSxiXwu6dCav/VuwHk7TxnGtSkplInHqM2HjLR0pOpFv9YTKKB1UpJpE8VSUpCUT2SuFx43cC+wbhP2z8gnxh/OeDzrtulXqIbRVG1Fo8fY2PupP2W/nnV9LS530s2DDmOFhVjYKn4RXofBE02LlmqbVQTgfoBVYet6SSJMNH9ZXLtuHa8xg60jxfdkZ8hsmbAHeWrm+VXyCVHMerPtOX+GxVeuu1PErL81LSrbpe3yVxcUKf3Js5+nVlY3Pl2jggwZyadrDiT2LyLwVtxbd/9JPoqKFYqMVeZRmRwzogFEMLCO9nXte+JmdfE+0l6CcvQT9tRBBzQChOWcjlD2r6VuYillVlzjDDBHFQN3d9B1Z2yu08wMCnaFfmPKu0ssUi5Rf+cp1/+PH6G630U6RFxdvfmR60Uq8xIRvFKXIG4g+UlmXHfrE+sQm1/TRh7ukalLKWh6J4Scv86dvcEKKdoc4yvQQnDyIpPzyUfoXn6WCZiSoFNS6hhLeSdHKrH6+Ui7+8PmLswSu3uoEAB/7xnqu1UJrCEZfIIIzVRQwN3a0DTOUSQSv0bbGlEd8CEuRGYZbqKT9gr3jJWsrhqNywl6VWib1pQ84Hv7vL/GGUXRlIoSIPN9qZpp9GR+ndvk032SAVfHr9s/Jn88Ox8X+uv6koNdQ/T9Mng/WtJNlI3Mo/Yv//6EvrTanyVcM9BI+LkPvXH/6ucw6FFPL2wTDmAV5ZFI62W3OE1gFxaYDvo+hsuzUn1iL6q0tAGr1Yqczvm9qBg1r6/xRgWU/L4KsW/2qM6pyP+41pzVouwiCWXlGq1ZdkpNduVa0+w+3S9RBgZDliRnJW6slgkdmAMmTnvLeYu6gczFOtrUqSkl2poCdNV+7hBaksktHVmJdwtPKiNL8HwDYZPA3FsMstM5BPozEFtBeOQN2xKGq81OvLgFAGGI2XQKiFaUfZWkQuZOsBGg8k8O+IansII9+pIJt9UG7E9w7IKXCbamScS965GFwlH0MQ+SPMve14QehUBI//vWyQcGNTx+voT7cKD2HoX4XTh/Ik8fMfhmyJu/zXwTRFBiApfZMtwSu+wyku37KfmudTgjCBnGXbKpcmK7eAtQpYLdUoy0gF2AkSqstUAJpD7VIVEYotDt3JfVhztOfDmsEGYew6KP78SCfw5+4i27qIqxjS91T5V56Z9MWfpj1fmE7zu+Mpvy4w9RFzERgNVqLJ3wrdFojFN40tCj/80B28gdevFVUci1okCLGNznh1rgJn2UZ/vfbuWaeM97jjszj03x28YQN8xv7+/wEAAP//tS0/rzB7AAA= +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line112.sh 
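Review bot: The MIG unit passes `${GPU_INSTANCE_PROFILE}` to mig-partition.sh but declares no `EnvironmentFile=` or `Environment=`, so unless a drop-in supplies the variable the script receives an empty argument, falls into its `*)` arm, exits 1, and `Restart=on-failure` with no `RestartSec=` respawns it until systemd's start-rate limit trips; compare the kubelet unit in this diff, which loads `EnvironmentFile=/etc/default/kubelet`. Either add the `EnvironmentFile=` line pointing at wherever the profile is written, or put a comment in the unit stating which drop-in provides it. Since partitioning is a one-time step, `Type=oneshot` plus `RemainAfterExit=yes`, as the bind-mount unit here already uses, would also stop a successful run from being treated as an exited service.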
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
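Review bot: mig-partition.sh discards the exit status of every `nvidia-smi mig -cgi ...` call (there is no `set -e` and no check), so if instance creation returns non-zero the script still runs `nvidia-smi mig -cci` and reports only that last command's status, which defeats the unit's `Restart=on-failure`. Add `set -euo pipefail` after the shebang so a failed partition step is surfaced, and turn the silent empty-argument case into a usable error with `MIG_PROFILE=${1:?GPU instance profile (MIG1g..MIG7g) required}`. A one-line comment mapping the profile IDs (`19`, `14`, `9`, `5`, `0`) to the A100 instance sizes they select would also help the next reader, since the numbers are otherwise opaque.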
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line120.sh 
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line127.sh
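Review bot: `golden_timestamp` is read from a node annotation and spliced, unvalidated, into two `sed -i` replacement strings and from there into the `snapshot.ubuntu.com` URL in `/etc/apt/sources.list`; the script's own second `sed` already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`), so that should be enforced before the first `sed` runs, e.g. `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format"; exit 1; }`. A value containing `/` or other sed metacharacters would otherwise rewrite the apt source line in unintended ways, and the same raw value is written back as the current-timestamp annotation at the end. `${node_name}` and the three `cfg_set_option` arguments are expanded unquoted as well. This hunk spans two physical lines (the first `+sed -i` is cut at the boundary) and the identical script recurs in the IPMasqAgent line120.sh hunk; both are generated snapshots, so the fix belongs in the source of `/opt/azure/containers/ubuntu-snapshot-update.sh`.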
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line149.sh
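Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the line142.sh hunk makes `/var/lib/kubelet` world-writable, and that directory holds the kubelet's kubeconfig (the snapshot-update script earlier in this diff reads `/var/lib/kubelet/kubeconfig` from it); with no sticky bit, any local account can create or rename entries there. If a non-root component genuinely needs to write under it, grant that by ownership or group on the specific subpath (`chown`/`chmod g+w`) rather than `a+w`; otherwise drop the line and keep the default mode. The `mv` plus sentinel sequence is otherwise sound under `set -o errexit`. This is a generated test snapshot, so the change belongs in the source of `/opt/azure/containers/bind-mount.sh`.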
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line222.sh
+++ /dev/null
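Review bot: The "already set" check at the top of the line215.sh hunk succeeds as soon as the `AKS-DEDUP-PROMISC` chain exists, but the three `ebtables -A` calls that fill it run with no status check and no `set -e`, so a failure after `ebtables -N` leaves a chain with zero, one or two rules that every later run (and every `Restart=on-failure` retry) treats as complete. The DROP rule is the one most likely to fail, because `jq -r` prints the literal string `null` when `.ipam.subnet` is absent and the `-z` test on `podSubnetAddr` does not catch that. Checking each mutating `ebtables` call and tearing the chain down on failure makes the retry meaningful; quoting `${bridgeMAC}`, `${bridgeIP}` and `${podSubnetAddr}` at the same time avoids word-splitting values that came from the conflist. The hunk spans two physical lines, and the script is a generated snapshot whose source is `/opt/azure/containers/ensure-no-dup.sh`.
```bash
# … unchanged: early-exit checks and bridgeName/promiscMode/bridgeIP lookups …
podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == "null" ]]; then
  echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
  exit 1
fi

bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)

echo "adding AKS-DEDUP-PROMISC ebtable chain"
ebtables -t filter -N AKS-DEDUP-PROMISC || exit 1
if ! ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${bridgeIP}" -j ACCEPT \
   || ! ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${podSubnetAddr}" -j DROP \
   || ! ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC; then
  # remove the partial chain so the next Restart=on-failure attempt is not short-circuited by the "already set" check
  echo "failed to install AKS-DEDUP-PROMISC rules, removing partial chain"
  ebtables -t filter -D OUTPUT -j AKS-DEDUP-PROMISC 2>/dev/null
  ebtables -t filter -F AKS-DEDUP-PROMISC 2>/dev/null
  ebtables -t filter -X AKS-DEDUP-PROMISC 2>/dev/null
  exit 1
fi
# … unchanged: listing of the new rules and exit 0 …
```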
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Certsd/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line91.sh
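Review bot: `clusterIP` is the raw value of an IMDS instance tag and is appended to `/etc/hosts` as the resolution for the API server FQDN with no check that it is an IP address, and the `[ -z $clusterIP ]` guard is unquoted, so a value containing whitespace breaks the test instead of failing closed; a `=~` match against a dotted-quad pattern should gate the write. The presence check `grep -q "$clusterIP $clusterFQDN"` treats every dot as a regex wildcard, so `grep -qF --` is the right form, and the IMDS `curl` has no `--max-time`, so a hung metadata request stalls the loop indefinitely. The script is a generated snapshot (it reappears as the removed side of the next line91.sh hunk), so the fix belongs in the source of `/opt/azure/containers/reconcilePrivateHosts.sh`.
```bash
# … unchanged: get-apiserver-ip-from-tags, SLEEP_SECONDS, private-cluster check …
while true; do
  clusterIP=$(get-apiserver-ip-from-tags)
  # the tag value is free-form text; only a dotted-quad may be written to /etc/hosts
  if [[ ! "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    sleep "${SLEEP_SECONDS}"
    continue
  fi
  if grep -qF -- "$clusterIP $clusterFQDN" /etc/hosts; then
    echo -n ""
  else
    # … unchanged: sed delete, tee append, log line …
  fi
  sleep "${SLEEP_SECONDS}"
done
```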
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line149.sh 
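Review bot: The last line of the new bind-mount.sh fixture, `chmod a+w "${KUBELET_DIR}"`, leaves /var/lib/kubelet world-writable with no sticky bit, so any local unprivileged user can create, rename or unlink entries in the directory that holds the kubelet kubeconfig (read by ubuntu-snapshot-update.sh in an earlier hunk) and presumably pod volume data. Nothing in the hunk shows which non-root component needs write access; if one does, grant it to that user or group instead (`chown root:<group> "${KUBELET_DIR}"` and `chmod g+w "${KUBELET_DIR}"`), or at minimum use `chmod 1777` so users cannot remove each other's entries. Either way a comment naming the consumer that requires the relaxed mode would help the next reader; this is fixture content, so the change belongs in the parts/linux/cloud-init artifact it was generated from.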
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
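Review bot: The closing chain in the new enable-dhcpv6.sh fixture, `sudo ifdown eth0 && sudo ifup eth0`, is launched from a systemd oneshot with no `User=` (previous hunk), so it already runs as root and `sudo` only adds a dependency on sudoers policy; drop it and call `ifdown`/`ifup` directly. The interface is hard-coded as `eth0` in both the heredoc and the ifdown/ifup calls, so on a node whose primary NIC has another name the stanza is appended for a non-existent interface and `ifdown` fails under `set -e` with the config left in place. Either derive the name once, e.g. `iface=$(ip -o -4 route show default | awk '{print $5; exit}')`, and use it in both places, or document the eth0 assumption in a header comment so the limitation is explicit.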
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+ContainerdVersion/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line84.sh index e69de29bb2d..84d8f8077d9 100644 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line91.sh 
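Review bot: In the new reconcilePrivateHosts.sh fixture the `aksAPIServerIPAddress` tag value fetched from IMDS is written into /etc/hosts without being checked as an address, and `$clusterFQDN` is used unescaped as the `sed -i "/$clusterFQDN/d"` pattern, where each `.` matches any character; a tag value containing whitespace or a second name would add an extra hosts entry, and the delete can remove unrelated lines. Validate before writing, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote the empty test as `if [ -z "$clusterIP" ]`. Note also that `cut -d":" -f2` would truncate an IPv6 value; if that is ever possible the split should keep the remainder (`cut -d":" -f2-`). Tags are set by whoever controls the VM resource, so this is defense in depth rather than a new trust boundary, but the script runs in a loop as root for the life of the node.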
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/CustomData index c19b5c59a01..019f18c093a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
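Review bot: mig-partition.sh does not check the exit status of the `nvidia-smi mig -cgi …` call in each case arm, so when GPU-instance creation fails the script still runs `nvidia-smi mig -cci`, whose status becomes the unit's result; the service can therefore report success with no partitions created and `Restart=on-failure` (previous hunk) never fires. Add `set -o errexit` after the shebang, or append `|| exit 1` to each `-cgi` line and finish with `nvidia-smi mig -cci || exit 1`. The `*)` arm already rejects unknown profiles, so the unchecked driver calls are the only silent failure path; the fix belongs in the cloud-init artifact this fixture mirrors.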
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line127.sh 
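Review bot: The sources.list backup written by `echo "$old_source_list" > ${source_list_backup_path}` is overwritten on every run in which the seds change the file, so once a first golden timestamp has been applied the backup holds only the previous snapshot URL, not the original `azure.archive.ubuntu.com` source, and there is no way to restore the mirror the image shipped with. Write it only the first time: `[ -f "${source_list_backup_path}" ] || echo "$old_source_list" > "${source_list_backup_path}"`, leaving the diff output as it is. This is the same script as the IPMasqAgent fixture earlier in the diff, so the change belongs in the cloud-init artifact both are generated from.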
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line149.sh 
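Review bot: The new bind-mount.sh fixture runs `mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"` unconditionally; the sentinel only guards the `mv`, so if the unit is restarted (the next hunk combines `Type=oneshot` with `Restart=on-failure`) or the script is re-run by hand, each run stacks another bind mount on top of the previous one. Guard it with `mountpoint -q "${KUBELET_DIR}" || mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"`. The trailing `chmod a+w "${KUBELET_DIR}"` also deserves a comment naming which non-root consumer needs it, since the directory holds the kubelet kubeconfig used elsewhere in this diff; both points apply to the cloud-init artifact this fixture mirrors.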
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line163.sh 
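Review bot: The bind-mount unit in the first hunk declares no ordering relative to kubelet.service, yet bind-mount.sh moves and re-mounts /var/lib/kubelet while the kubelet unit elsewhere in this diff self-bind-mounts that same path in ExecStartPre; with both wanted by multi-user.target, systemd may start kubelet first and the later `mv` then acts on a live data directory. Unless provisioning starts this unit explicitly before enabling kubelet (not visible here), add `Before=kubelet.service` and `After=local-fs.target` under `[Unit]` so /mnt is mounted and the bind is in place before kubelet touches the directory. The enabledhcpv6 unit in the second hunk runs its script from `network-online.target` without `RemainAfterExit=yes`; that is harmless for a oneshot, but a one-line comment noting the script is idempotent would save the next reader from wondering what a re-run does.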
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
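Review bot: The idempotence check `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not do what its name says for a multi-line value: `grep -F` treats each line of the pattern as a separate fixed string and `-q` succeeds on the first hit, so a pre-existing `    up sleep 5` from any other stanza suppresses the append, while a half-applied stanza is never completed. Key the check on the distinctive header line instead, `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` prefixes on `ifdown`/`ifup` are redundant when the script is launched from the systemd unit in the previous hunk (no `User=`, so it already runs as root) and would fail on an image without sudo, and the unquoted `${DHCLIENT6_CONF_FILE}` / `${CLOUD_INIT_CFG}` should be quoted for consistency with the `set -u` strictness the script asks for. The same script is added again for the FIPSEnabled testdata below, so the fix belongs in the source template.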
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line222.sh +++ /dev/null 
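Review bot: The `-z` check on `podSubnetAddr` (and the implicit reliance on `bridgeName`) never fires when the field is absent, because `jq -r` prints the literal string `null` for a missing `.ipam.subnet`, so the script proceeds to `ebtables ... --ip-src null` instead of exiting early. Append `// empty` to each jq filter, e.g. `jq -r '.plugins[] | select(.type == "bridge") | .ipam.subnet // empty'`, and quote the expansions (`"${bridgeName}"`, `"${bridgeMAC}"`) where they are used in paths and commands. Separately, the chain is created and populated by four unchecked ebtables calls with no `set -e`: if `-N` succeeds but an `-A` fails, the next run sees the chain, prints "already set" and exits 0 with a half-installed filter, which is the worst outcome for a dedup rule that ends in DROP. Install the rules as a unit and tear the chain down on failure so the unit's `Restart=on-failure` gets to retry.
```shell
# … unchanged: early exits, bridgeName/promiscMode/bridgeIP/podSubnetAddr lookup …
echo "adding AKS-DEDUP-PROMISC ebtable chain"
if ! { ebtables -t filter -N AKS-DEDUP-PROMISC &&
       ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${bridgeIP}" -j ACCEPT &&
       ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${podSubnetAddr}" -j DROP &&
       ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC; }; then
  echo "failed to install AKS-DEDUP-PROMISC rules, removing partial chain" >&2
  ebtables -t filter -D OUTPUT -j AKS-DEDUP-PROMISC 2>/dev/null
  ebtables -t filter -F AKS-DEDUP-PROMISC 2>/dev/null
  ebtables -t filter -X AKS-DEDUP-PROMISC 2>/dev/null
  exit 1
fi
# … unchanged: listing of the new rules, exit 0 …
```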
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+IPAddress+FQDN/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line91.sh 
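Review bot: The value pulled from the VM tag `aksAPIServerIPAddress` is written into /etc/hosts and used as a sed pattern without checking that it is an IP literal, so anyone able to set tags on the VM/VMSS (an ARM write permission, not a cluster one) can inject arbitrary lines into the node's resolver table, and the unquoted `[ -z $clusterIP ]` errors out on a value containing whitespace. Validate right after the assignment in the loop: `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`. The `sed -i "/$clusterFQDN/d"` treats the FQDN's dots as regex wildcards and matches substrings, so it can delete unrelated entries; escape them (`${clusterFQDN//./\\.}`) and anchor the pattern to the end of the line. `curl` should also carry `--max-time` so a stalled IMDS response cannot wedge the reconcile loop; the `Metadata: true` header against the link-local address is otherwise the right way to call IMDS.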
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
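Review bot: The self-bind guard `if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ]` counts every mount line containing that prefix, including pod volume mounts under `/var/lib/kubelet/pods/...`, so in a restart where such mounts outlived the root bind (or after a manual umount) the bind is skipped and the following `--make-shared` is applied to whatever parent mount holds the path. Testing the mount point itself avoids that: `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"`. The `ExecStartPre=-/sbin/ebtables -t nat --list` and `iptables -t nat --numeric --list` lines only dump tables into the journal on every (re)start; if they are diagnostics, a `# diagnostics only, failure ignored` comment above them would keep the next maintainer from treating them as required setup.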
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line112.sh 
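Review bot: `${GPU_INSTANCE_PROFILE}` on the ExecStart line is expanded by systemd from the unit's own environment, but this unit declares no `Environment=` or `EnvironmentFile=`, so unless a drop-in or `systemctl set-environment` supplies it (not visible here) mig-partition.sh is invoked with no argument, falls into its `*)` arm and exits 1, and `Restart=on-failure` under the default `Type=simple` then restarts it until the start-rate limit trips. Either add `EnvironmentFile=` pointing at wherever provisioning records the profile, or make the unit `Type=oneshot` with `RemainAfterExit=yes` so a one-time configuration failure is reported instead of retried in a loop. A comment naming the source of `GPU_INSTANCE_PROFILE` would make the dependency explicit either way.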
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
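Review bot: None of the `nvidia-smi mig -cgi` calls are checked and the script has no `set -e`, so a failed partition (driver busy, profile unsupported) is masked and the exit status is only that of the final `nvidia-smi mig -cci`, which makes the unit's `Restart=on-failure` useless for the step that matters. Add `set -euo pipefail` after the shebang and take the argument as `MIG_PROFILE=${1:?GPU instance profile required}` so a missing argument fails with a message instead of reaching the `*)` arm. A short header comment mapping the profile IDs (`19`, `14`, `9`, `5`, `0`) to the A100 MIG profiles they stand for would also help; today the reader has to know the nvidia-smi table by heart.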
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line127.sh 
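Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into the `sed` replacement that rewrites /etc/apt/sources.list, which `unattended-upgrade` then trusts; the script already assumes the `YYYYMMDDTHHMMSSZ` shape in its second `sed` pattern, so enforce it before use: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}" >&2; exit 1; }`. Without that, any principal allowed to annotate Node objects (a cluster-scoped right, but one several controllers typically hold) can inject `/`, `&` or a newline into the sources list and redirect where the node pulls packages from. `cfg_set_option` has the same pattern in miniature, using `$option` unescaped as a sed regex and replacement, though its only visible caller passes a fixed name. Quoting `"${golden_timestamp}"` in the final `kubectl annotate` call would be consistent with the check; this is generated testdata, so the fix belongs in the source script.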
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+IPMasqAgent/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line222.sh +++ /dev/null 
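Review bot: The idempotency guard at the top of ensure-no-dup.sh only tests that the `AKS-DEDUP-PROMISC` chain exists, but the chain is created by `ebtables -t filter -N` before the `-A ... --ip-src ${podSubnetAddr} -j DROP` rule and the jump from `OUTPUT` are appended, and none of those four calls has its status checked. If any `-A` fails the script still reaches `exit 0`, the empty chain survives, and every later run prints "rule already set" — so the DROP this unit exists to install is silently never applied and `Restart=on-failure` never retries. Either check for the rule rather than the chain, `ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null | grep -q -- '-j DROP'`, or add `set -euo pipefail` after the shebang and turn the first check into `if ebtables -t filter -L AKS-DEDUP-PROMISC >/dev/null 2>&1; then`. `${bridgeName}`, `${bridgeMAC}`, `${bridgeIP}` and `${podSubnetAddr}` are interpolated unquoted; they come from a root-owned CNI config and sysfs, so not untrusted, but quoting them costs nothing. This file is generated test data, so the fix belongs in the script template under parts/linux/cloud-init/artifacts.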
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+Calico/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line91.sh 
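Review bot: `clusterIP` in reconcilePrivateHosts.sh is taken straight from the IMDS `aksAPIServerIPAddress` tag and written into `/etc/hosts` (the `sed -i "/$clusterFQDN/d"` plus `tee -a` pair) without ever being checked to be an IP address. VM tags are a control-plane-writable input rather than something local to the node — I can't tell from this diff who can write them on an AKS node pool, but whoever can gets to put arbitrary text on the line that resolves the API server FQDN, and because the value is also unquoted in `[ -z $clusterIP ]` and used as a regex in `grep -q "$clusterIP $clusterFQDN"`, a value with spaces or metacharacters breaks the dedup check and the loop rewrites the file every 15s. Validate it right after the `clusterIP=$(get-apiserver-ip-from-tags)` line: `if [[ ! "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then echo "ignoring malformed aksAPIServerIPAddress tag" >&2; sleep "${SLEEP_SECONDS}"; continue; fi`. Two smaller points: `cut -d":" -f2` truncates any tag value containing a colon, so an IPv6 address is already unsupported, and `sudo` is redundant for a root-run systemd unit. This file is generated test data; the change belongs in the reconcilePrivateHosts.sh template.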
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/CustomData index e32a0be1d1d..d16f98177f7 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line112.sh 
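Review bot: The new mig-partition unit expands `${GPU_INSTANCE_PROFILE}` in `ExecStart`, but nothing in this unit sets it — there is no `Environment=` or `EnvironmentFile=` line — so unless a drop-in written elsewhere during provisioning supplies it (I can't see one from here) the script receives an empty profile, hits its `*)` branch, exits 1 and `Restart=on-failure` respins it at systemd's default interval until the start-rate limit trips. If a drop-in is the intended source, say so in the unit, e.g. `# GPU_INSTANCE_PROFILE is provided by a drop-in under mig-partition.service.d/`; if not, add `EnvironmentFile=` pointing at wherever provisioning records the profile. Either way a `RestartSec=` like the other units in this diff use would avoid a tight loop. This is generated test data, so the change belongs in the unit template.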
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
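Review bot: None of the `nvidia-smi mig -cgi` calls in mig-partition.sh is checked, and `nvidia-smi mig -cci` runs unconditionally afterwards, so a failed GPU-instance creation still ends with whatever status `-cci` returns and a half-partitioned GPU can look like success to the unit's `Restart=on-failure`. Add `set -euo pipefail` after the shebang (then `MIG_PROFILE=${1}` should become `MIG_PROFILE=${1:-}` so an absent argument reaches the `*)` branch instead of tripping `nounset`), or guard the last line with `|| exit 1` on each `-cgi` call. The `#NOTE`/`#TODO` about mig-parted is useful; it would be worth also naming the driver version that was found to be too old so the TODO can be retired. This is generated test data; fix the script template.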
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line127.sh 
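Review bot: `golden_timestamp` in ubuntu-snapshot-update.sh is read from a Node annotation and spliced unescaped into the `sed -i 's/.../'"${golden_timestamp}"'/g'` replacement that rewrites `/etc/apt/sources.list`, with no check that it has the `YYYYMMDDTHHMMSSZ` shape the second `sed` pattern (`[0-9]\{8\}T[0-9]\{6\}Z`) already assumes. Anything able to patch that Node object's annotations can therefore steer which URL apt fetches from, and a value containing `/`, `&` or `\n` either breaks the sed expression or lets text spill past the snapshot path into the rest of the `deb` line; apt's Release signature check still applies, but a field meant to carry a timestamp should not accept free text. Add right after the empty check: `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; fi`. Separately, `old_source_list` is captured before the two `sed -i` calls but the backup file is only written afterwards, so a failure between them under `set -e` leaves no backup. This is generated test data; the fix belongs in the script template.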
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line149.sh 
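Review bot: The final `chmod a+w "${KUBELET_DIR}"` in bind-mount.sh leaves `/var/lib/kubelet` world-writable with no sticky bit, and that directory holds the kubelet's `kubeconfig` and, per `CREDENTIAL_PROVIDER_BIN_DIR` in line40.sh above, the `credential-provider/` binaries. Write permission on a directory is what allows unlinking or renaming its entries regardless of the entries' own modes, so any unprivileged local user, or a non-root container handed a hostPath of that directory, can remove or swap those files. I can't see from this diff why write access is needed; if only the kubelet and the runtime write there, `chmod 0755 "${KUBELET_DIR}"` is enough, and if other users genuinely must create files there, `chmod 1777 "${KUBELET_DIR}"` at least keeps the sticky bit. The sentinel-guarded `mv` is fine under `set -e` since the sentinel is touched only after `mv` succeeds. This is generated test data, so the change belongs in the bind-mount.sh template.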
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
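Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` in enable-dhcpv6.sh hands a three-line string to `grep -qxF`, and `grep -F` treats each newline-separated line as a separate pattern, so the check succeeds as soon as any one of the three lines is already present — a pre-existing `iface eth0 inet6 auto` stanza from cloud-init is enough to skip appending the `dhclient` line entirely. Key the check on the one distinctive line instead: `grep -qF -- "dhclient -1 -6 -cf ${DHCLIENT6_CONF_FILE}" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` in `sudo ifdown eth0 && sudo ifup eth0` is redundant for a root-run oneshot unit and only adds a dependency on sudo's configuration, and the `|| true` on the `up dhclient` line silently hides a failed lease, which is presumably deliberate but deserves a comment saying so. This is generated test data; fix the template under parts/linux/cloud-init/artifacts.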
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line215.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line215.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line222.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line222.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line222.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line229.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line229.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line229.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line307.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line307.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line321.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet+FIPSEnabled/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line321.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line91.sh
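Review bot: In the line84.sh hunk, `tagValue` taken from the VM's IMDS compute tags is written into `/etc/hosts` with only an emptiness test, and that test (`[ -z $clusterIP ]`) is unquoted, so a value containing whitespace breaks the test itself and any non-address value (or a colon-containing one truncated by `cut -d":" -f2`) still lands in the resolver file with `$clusterFQDN` pointed at it. Validate the value before touching the file, e.g. `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote `"$clusterIP"` in the `-z` test. `sudo sed -i "/$clusterFQDN/d" /etc/hosts` also treats the FQDN as an unanchored regex in which each `.` matches any character, so a line for a similarly named host could be removed; escaping the dots (`${clusterFQDN//./\\.}`) avoids that. If this fixture is generated from the cloud-init artifact, the fix belongs in that source script.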
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/CustomData
index e32a0be1d1d..d16f98177f7 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744"
@@ -69,13 +69,6 @@ write_files: content: !!binary | H4sIAAAAAAAC/+x9+3fbNtLo7/4rsKxuYndDSXYcb+JW6aEl2uFaryWptPniXh6ahCTUFKkAoB/r6H+/Bw++qVfS3u8731n3NLbIwWAwGAwwL+iHv7VuUdi6dcn8YDjq6Y4x7Om/dRqH84jQ0F1A8BVQFwVA9cDJkQAZagM9B3F0cOBF4RTNYgw1f4HCCYH48Oj5AAAAvLk7g0DVgXoMVIP/uwBtoA7AO/YDlMaz1hsYw4mlmysl3yQov1sl/Ywxuncp7AYxoRB/iAglh0dA9Le48xEG6hK0IPVa5IlQuPDl7xaGXhR6KIDqUqBQ2RhIk0B8jzzY9FscB41ib/6NCI7b6vSLHzYZpQIZhH8CKvAetHx43wrjIAA//6yPLg8+WwLy9wM9vEc4ChcwpB3lenKhO9rYcCzd/KibcrKeS09WygHDAYCgxqOBHrq3AdRC36IupmANeeDrVwAfEQUN3TQd65Nl64Ou3XcsWzNt51Iz+gerTBps7IZk6WIY0g/xDI7dGUwnSre7rP2l5XRHw8uOkvBoSviAhSigKfj8mcmB/WHs6EPtoq/3Vgr4WwcoCvj9958AncOQQ7If6M2jKvB7wNC27iAOYdBaLFo0o8qZxzO4dGewBfnw/RKu3Rp1Kl2+B43n4gBXHPMUVYfV0y9N7Wq3UaWwuw3Kh1PszvYbk2jTKfe3YUSr3Pq3hJBPCOxFCxeF2cIc6vavI/OaNzWunEujr2eTzhdGCOlDhO98Of8Jp9yHO/Cy9X9vPvc+dMf3pze/t56ngTvrHP8EQvhIV4C9k8/aK8B+gxcvQOuHjIhOGLVeAqVRQ4NS4jaBPlBRqcNXvAtAyjhzn54gab0EdT0kbEpnnk2mMf545vQmGl853euc7HQ6QKE4hgooC0KFF2d/MS9q+XH2p/AjtxgS1qSaCGBIuA6SgqEmgrEODpMnEkSzoiA+uMtLFGT6hjy4S4egf0Pn7rbTOISPSwwaz9av2phT5VjGf+nO4GIFbn4Ex+12+yhrFUSeS1EUdhShlXJrWO0Lvewjctdy/x1j2MKQRDH2oLp0MT2urufkvcPaOEuXzjuNwykK/UVIgRpioEaAungGKVAt0DjE0PUDFN4Bdbqlr6OjtBOOe4qhHK0/BY3nascr8JVP8LEPvgrZel5iFFLQOF29PMoL3ufPoPGcR7oC6oyCxnOeravqYDO18ysKAhATmI6f0wimEeZMBlMUQKUoegXe19LfYjCsZabjAgJrejdCEk+nyEMwpKJjsnQ9CKKwRA+NgIehS2FG1TnA8EsMSXW4jBdlvrwCLqVwsaQonDFsUzcIwK3rcdQji/fSbDaVdctAytW/mZYocGBVszdExPEhOwR0tshJFNFNwqGOQeu/QxYkP3aXgj9jwlmnnGmg8ZwycPX9M1+kO3dKYjqma+qazU7X1uTy0uga+tB2eoZ17VhjrbtWJ4qxWAk94IEx7hYC4t5DH9DoHFSE5EDoGIqfvIXvoKkzdVEQYwhOTsEbcPKGCySD5kfs0riuK/hKB77cUPhhT5zXF5EPztrtSuOttCzuOK+/odNNWBmyKPyLsKoqmUcP4CuYYfhNlCfnuVLDMAql5JEH0AZtfubi56Mpoe5tYXPTqZc78+9k+/BD1VYDJ4Fa4ujxKbNhxAy3z05Pd2xUJEc0cpeU/S+hy3QU37beveHYantfA5pj7ueBG7oziH/PmLjTOJPT2QfbHjtjc/TbJ2di9q3sbF57NM+gO3VNEwpgNmMlBHNKlw4n5RsRaN6XGGF4fs4wnZ9zVOCmZiA3yk8Zvg0sz1D34NSNA5o3MW82j/hG2ZPrWzrbyJ29O8tZYMlMW/tNtVUYufUtk00K47G+a7pJeb6tv2jCN4z7r5jyDTz63kkfjnaf8QS2U222faLCKB3E/o1rObOWnD97CtaS/i3ML24HSp077C6+hQGkmftL
Sb1nu8G3jtsqk5usd6XkNHupjy5f1rvNmKXYqcyHProsbLtMEMcMfVdL91w0BYgMXIxCiEdYY6ftPgrjR6A0RlbZoPYgpo4PCe0orZjgFpm7GLaWd6jluSrFMaGqsEVabujNI0yyI2W89F0KHW/hdxTxt5q0EUCFc3C5I3bMCGR3nquy12iK2CFwaxdVWLmacqrYNieWrfecrsYsa3m+qX2/UsBX8OjiGTkqHIbWA9+6BJ6dAtUH7xlgOrKVkLOu1vQwVYrnrsm4x45cXc3p6qZt8Z4a2fA2A+dnvBsTGi26bjdjQs1pK1rSFqOLCPZEGCCAQtA4JPALaIPG4WHjuTux7NGA9cLH53RHk6G9Aio4Pjo6+gn4UWadQS9wMQT3Lg7dBexkLRl9TuMZrUDFOfg3CV1hWUZcq134Yc8YLsY+js6PQrjGwZKwjqFJVtx2jlfxeFFIXbZS/CKX08eTAC1Q6s3vjoa2Zgx1s+dM+sbAsJ2eORo7xlB4bMaa/aFTqxyyfnL6gUDqxAJ/6mEWB1Cl8bxDV9y0Ss6i7fY+rbgW2xG8xtOfrqkKAotNN8XgJfvvJnx5xHVW3q0PfBcuolDFMIhc/2CPWbkWGpapS4jZAkgl/3pyofd1O4knjE3jI5v8a/1Tfk6YhsYhpJBI+ZMqm3CEzTv4pNRh40K+Oxq2+MX+Ei1hSEgAZjDExAVqFFPQ2EIqOGmfvi20xvALUEP4ANTHN+13QPXdJwL+8brdBuodfNqOsLbbdExAJfHtH0BpdYd8Y5XBtJUCVNf34SMFCgOAHtUCOmSrvze0zguQxTl6WxP5qudbznWpjY2E/MlF3+hunTl3ifLszkw3hQeW6pGl0bzUetsJOnoIAY4ies7+2dZEDOe/Jqbu/NMaDdcMgvvAmn+QKCzTXmxZolis8XUwVTorgEILQgr+/pidP9WQAScC0u1zTxBb2PrQXq07hW5oUFL3tfPnBQiGlC25ynG4nhwmr/vTVGy1B2HJFlQljM280dXZOht2jbHWF6pyO21bG24mjyyb9JHW+OLq5bGAT/WhF/lQnFe2Cbw1zofCKhRIoMpgJMstvWvqdkdpHHouE0KJTTnarV0dmwoQrdbNTevm5uZm9afhUxg+RboGFzmaxbpyKfj5Z6CPLiX7KotKKDvFC6LYV855YFQzr7gUjia9lfJKvKcwdENqJCD6UBvajpG9J/Et8TBaUhSFCZQ1ubC6pjG2jdEwD+u6fpcLagq4bpR1jSzoYUi3NBTsSRsnMYkrHMVL0dTUrdHE7OrOlTmajFPIxIEogPqjrsaoT1/fL+ynJRQvPw4c+9NYz7MghHyXSYc/zNFAoBdjRJ84DRlUEtGz9O7ENOxPJXruCyg/GqY90fqObFSAMqtjLIE7a8aMo5hC270NYNaTOZrYumNrF/1sgEuMFi5+0u5dFLi3KED0ycpTNzaNgWZ+crSPmtHXLow+G46VY4FEYHluAGtbWl2trxeacLkc4+ge+RBfuN5dNJ0OIl+24zI6NkcfjZ5uOhda93p0eekMRj19IwLlHKxpu9rQyoQUI0jWN3ZM3TYN3dqERH9cRiEM6QYs+m/j0ZAp1Q1oejFOxHQdmt7EFLK7Ac0/EaUQb0DyT8O2dbMWhelS2GfH/5rmpmbr/EC9ueW/xtamxs6/xtZmBBexdwc3EuBcTLrX+nY6fsWIwm3EOL+ahq3vQtJ2dIKuIsaYQOFp9w0fhhTRJ/2RwpAkEz2xdGegDbUrvecYPX1oswWm/2brQys30TGBWCMEzcIMj9ETC2Zi6aajWZZxNczjyOnZmEAjJNQNPTiA1PVd6qZ9G0PL1oZd3RnottbTbG2Vak3Xv3AD1ghbd3GiPLWec6H1WQvTsa4naR8+IkzbjGJ6G8Whbw01m/dRbNEzLKZ+nNHEvhhNhj2HwSU9wkcviH04cAmF+BJHC4u6oe9iv3/BUem/dfuTHmOXZeumc2mOBg4jvqeZPad/sUo1kpi+j24c
5PTR9YA7SMWcfdQmfVtaC7LZwn1Ei3jRzw3bjAPYjWK5sgfab8ZgMnDYiNIBmRN+YppkSzvp/ho+JZ3fvSVK9e1HiKUUKMxiEblm4jCsPhZzoDbpRNAByv1JTeBbpqUorU06q+UrYL0tsBsuoXF2wFTO8BEZPU7eEjSGV/yQbFwaXWY0miNb7tbcBV2f9bPeHq9PLLKcxGEkzkMbEopypgm3o66LbTeZVOmpSx9+NMzRcMD0f87EKppZaxHnYuYlq2u3JlUjbFO7ipEgIfXhRw5X52/ciZCcWJfnI7WRsgSonZK9SnNTQlOeGV+48BPfiJCZddOxDtfaydipQWUqdmhVMSRzTFpnqe2GOTcjNeyTbrfO7pEFL1oInSJZm6WobmKt7GdXxlbBpeNwHdx+WcFlDl/2tSuro6piSGCrICVKvJTy2R0aqQ+qLn/i+KQtkz0if4mjWwhusRNCOkUBhbjoRh6M2E5wUc6WUEOg5BspicW+iPw4gERl+3nTb+VhctkLOUqNMbcbSHkEyfN8XEdsT4ktMu5PrjjPO0Dhqr9mV1rcg0Z3aDgXxtDpGSYTHLFLsK4CRKh4nUyjYbZKgsGTaEogFSSlXKw8jaO+0f0k9YrnBsiLlLo8rCSpk/ygLLhtotxi5M+gkn7OpQYrP8xe7kEUDDaTxUM1616GUcj5Cl68KOFIzgNcYWa0/f8enfRQsZ8WuUVhC95SLjhApSB0KVDVFF6sE3l2lInRzOgN7qGfyllAgBpQLMQZ87c5yXVp/YvJxWRoTxxT7+uapXcahwG5dTAMoEsgUDFQZXgtnYpiA8nI47fN9mkyH7UQJ+2tECdbIU45xJq8diOcRRiFszTZF0sOgS8xxE8giTbdxhTEhAEiSkCOH6WUQYHVniMCEGEdAoIWywASCtzlEkeuNwc0Ag8RvnMxO8yDtENESAwJeEB0HsUUMJUfQAqDJxCHiJkYQQAQzbr6zDMtcRymO4hElZ8uwGWZxH4EghCoZIcWtTO+VVY2yosQRRiSQrRNCmFyVLH1vj4emfbW84nAY8MALiNM/QO5LDYH+Oticgo42BDir43iwUfoOTxuVRvjL22Bj9Dj5SzjiNCOWLBomSzYMbgcmb9qZg9o3a4+tpPYWcIPjZ3Uta7tWLapawN2et/GmSCaEYdGDryHISVA0a6tZtfSm2XOywcapmjqetSiGLoLFM4UsOZFcZusoYybuv3+QXICLeYC5kJ8OaVwNZ44w8TOYoMpaF5yh5ZOeI985Do+RvcQO3IVFIdfkAy++q5gCLHLE6DDKFSvxpNcjFFuxzxMzt6EkQ+BH0O2Kj8OAHVnMlSVHtKzoKdU0cORw0jf6MvPOmzJQwyNFkGRjfwU9Ktmdz84tjHQRxP7IJdHURlLZQxpGvd6Uv8aGsUUFxaOR4Om33r3Tp1G2IOq2PHYhwcX++uWCjgIIW2i5f1pEy0dCQw64Dh7znN63CBoyreMETmAs40Aggr5Sw2nqucGgZquQAYmDpUbz41idEBVhV6olKB17T7bckZarxDeRkR1PYruIVDVLzGCFPiRdwcxk/DDFMyR+zM4aYPXbd6pBKupdOs5vVH3Wjcdyx6N+Rn1aEMJXU5edqmak+p5GPXi5Sgc42iBiBdfcN5lVSxr+hJt1TBS/Xi5T3epFt/aBU0g90FfUWSym2yaRA0dcD2sLhDGEU6UfQFKZCrUA7G9lae5uB5u0SgKSCu6hzhwn279llRZTTLfCirWoBoTiFV3BkPaJHPAz4Fbm4pB8Pwz1Y3pfPfuWB9+9BByC0byYuoKHbRre8/15mxz4YYp+9tC/4ZXF+D1yR5I4CObXIglHkkK0/HfjoR9AO/enr1mG1Ji/YnaJseLMHQYrw8A8GIcAPU3MJ7Y4CXPVZtHhJ6/ffOPtxL5LyHpONI4fSFoc3iBx2OHz5CHmyh6QbiUMUW2cGknJfAlUEd1MscHlA0j/Uul3iKuFcP6hiR0l2QecUdhhiT3dINI
FzvdCJBDuGZtsL10EYXZ8utxVZYu7UR7ySik/pveTVat0dc7dYcwoQzXH8A4XjaNzHxV3atEe+ZLt/N9D0aToS1cD6lS3b1zL4AudhZRHFJniaOlO+NRJWcauDOS0SP74o6hDLnA1hIJUTnHbTFf75jtAe1iSp5ISCCgUUYM6mqc/vgCXjZfgp9rwF+8ALcYund19iTvpIGAyog4abdrcW85GKwpiSIBhEtwXO61JuOvumnmdrFtG+fmDY+fiZLjUWEDXb/n1G3F6Rac7jY5eecVqlu3Mn/uLe/PdtjHdvdpoeWZI481Gzxaq4ODGaRjEVYeIs8YZ44ApvbETNloATvHuacL91EGczvH7dxz1Cl8WnYU6eR+mKMA8kI9xExG0Mgw8AN7XraXncahUMDE6gP1A1CSONo5EEd8no9/3modn71rnrw5bcrfrYWEE5ts6MGkhLuFQgrx1PXgL+4SqfciGNQ5aZ8cq+0TtX3MjsN/fAEqBi+bn9u/J0dQzfcxJIQ9kbcOGMmzSgkizw9CS4VJZeMXvmra9TWHa1ecWBaNlOdZD53G4SH6e1JQm64Tec5HS2VdpiQKZ7lcYTOiXD8VvIp/ZnBIVvSL/oWvhBkqGQUASxIAIkCuWP8VCCM6l/Wp6SiUXIUyjXEI2sX0J761A3UKyDyKAz9Z/47s3ZG9O7nenaR3oZVlfHSXUfN61sq6c8KIbT2UgOM2U9RtZlPNgeo9fgtRmYuMC1AIQXsNg1n3vN4S+JBCvEAhZO124rsgDNzClP3g9olbvcsoCnL2blG990ej68nY2Ydnjq1dFaZsp0Z97ULvd5QsttdMXJ9pKESVA1Q9t+OJS1eUYpRrHzJfvdoY+Po2ka7w9JW4wYSLNkOQIOQnBeCGvnA8BO4tDEguNJiMQARHcrEX/qClqrx3qIp82EJ1RIcNaDMEP9nnI5E7hAm38KsmWFgT8cqH1LIajQ1ARYcF19Yv0RQ0xajsvnURRZRQ7C4Zbdx5xMiqBxAWDT+XgCaAof8yxX5UGUgubJcIslBKi+g+UbXDyId9NnXFVOvNQr5Wv6WJ0fvJnrz95ZWoynb9vEixiQ0h9KGsY3J9/7tIT084EkslF7+nX/K0j9xxtxjKq6kQlhDpUiZwcc9st8XSxRAIoTSHuq1bzkfdtIzR8FxV2s12s62sgHLcPHnXbJdLnDZ7QK/T2CrNscMYXwbuTAF1T2tScItLtLRCeVA0t6DyfFkpNVhM/crgKTdW94Pem/TZmuuIpfZ+N0zFSFanJrT1fj+SjIF2pecGxj/vj4YXDXDxyXMp93QXlLlcbJGLm0v44HCyaqVeja9v0tmCbythct3WB9Rr4NPV4nS1NSnXMifdzaocspBG49BHvMIq6SZBs0qSrfPJDLwQylybvJC1XTOGHEDduZHn3uqO3beci9HItmxTG4+N4VVxo2CGSL7VFvDSBCasZK32z5egAblN9H8pWWIDT0v9paytzbEoAG5JsKiHLWVXFID2T60osDdNrmDcSRIs7l3cCtBtwrFW7p2qpuza2KQOqpCZ8e3iUpp/Teul+dcd5cx34enJ9K16+vrsrXp69o+36rvT6VR9/e6sDU/ewtdnr9tKyV/ClIZMnaqjwGE9yNoIbTx2jF794aZAyH4I64w+2TJrxeYvfynZTjzfJs3beqkX7e2tKnIuyqr2aCiFfnuLmhXgLpFM7DwH98cHdyj0z4Hw9R5Iw4CcH6iAceFceCXk4wMA5F/nB0mBsjxTcYd5hBF9OgebNLJMIGWny3Mgbj5otaoXG56fnr4+iEmBksSOSWfyQPgsz6VlC73zlD/5McryJEYgDCkSlRbNu7ekiaLW/XEuR3OxcBkvhIucX7mU14DsQ26BC7RZj3hGsv5VkKcyeaaqIXyk6hJHNOq4d0QtYCwAuq5IooixB9kum1s+q2yFhhRi4ekbRD48B0N4z2dJ/MhMXnnDphFOI+ELOvCikMJHynkr/5YTKme3POuS
0bVTICYnxxeB8MCLMYYhTT7XgSQaT2QbffMm9xdrgT2X//7rfo8F/5+Vzjh9B0NREFbYOOzRtc4OBv/zpDvnyN8qobvL5U7SuKsMbpW8/83ylqryTMjEo7zf53y36lfZ8A4+nW+v4/1mUU0prrJyrYTWAeXOnAXzitvUk6FtDPTErySKKqXUZjtkGi4imQ0xP6g5mK9HVytL+Sutf+D/ZTlfRprzpfrg+Oxt8+x18/jkXfP4jK0S6i2Bqvrc0f22DdQ/ALMHvqn565M3J2cpBplZxjbWLPTTaRzu5i0phYwUUHogfGj60GInOmPQs9iGb5tGlzuQ9jfeZDIJWviEnSQoRh4/+GR23Bq9soWEVM+kOmZrgxr7eLc2UoS2Au9u5yU1n0Oj67DJe87P5UopAsvTSLnfTnpOKb8pIzCGlm7aVcJ5TZY9cgba8KovC147jed9wOXd37kE4UbBhcbOSz8qaOHOoOphyCvy3EBNqrtkvYDyI4+87dXyFoWqj7Dy47ps4G4SjAJZ8+Qwinmk/jaic7CNNu7f30pGEgvAEJAl9NAUQR+gsBgCUPb0bAoCummvSTmZAta92bMDmdBU18PaV/X3LJeC4onbuxC+Tl3UNbldlsxHmfDbgbYG3ZP0FVXcJtSkaFHJshtqY+vDyE6uE6rrdYBmYxdTJOKqO1z6v0Azfj0yb7H7Vf/rmh23Vf4KR1MUwO33/O+BZ3dddDWeZMWtY3PEt1aR0Ft+vMrcQ+tmpkBibn553mU6rzLTsnAELSWfvlPFB9W9y2XjrHORVPBV94c6mJpbZdaCpbeBpADrasrWoth4JWwxMzUXpXlLulFIcRSMAzeE+fh/w9SZ4WHq/5oYpt5LnLTDUVo3zEuM6u1VEbnKn7s2Zqdw7dy1++DkfSZY8hynonAalRb7W4udtYbG8CrNKVodHIhbkZn+GbghmkJCewgXAlADbWhc6pbdM8xO+eS6kG1IURYapXasoweMRD9iGyh0ISaGdzCPFrDVSNPLWk3WWwlQLIhCw1bONiqSkYLkhK9RxJW79Cfr+Tz7sw7RjuA59Eym/9Fu1yNL68NqmuYCwELkD1RVLRtVeTtqu8mkigygG6UhL3WTkckbpWAu5aiRxlJqWtwojaSa/V+94c0u5nWlSWa3FF+prr9AIQdY11nZiKlAFIzMkl23trdNdl7GshxTqqzL7LzaBtf6pxvlgB1M1820+pilH0kXnRbTiHhuALHm+7mEo25/wkehTewRv6zEdLRer5AWmS9pZ22ZmSk0hJsiVX24DKIntvk0n9xFcJCvmydffxZDMnrvv8rcgsaGK3Ky2P/XmQIaG0ms78iC3g49iTt1vqc3Et8WxlS8H+h7MMvriXLI0yuKvgctnmUIi5fn7IU1lS6ta3SjMIQejUqCpXV5xeRQ79oj0+maOr+aQ+tbncYh/96AKVCebxQpGP6NwsT8/5Ab5RVInoqLkYpvkmubik+LlzUV3wkndg9hTuSTHvrLCIV0ggMBl/hzgmiGwuYCeTgi0ZRGYYBCnuV0o7y6SS9ckheHr8Wy4O/5OsjSpGoJucLucp7ccZQQnaCZsZfNBxT60QNphpBKHORLMEh72IUIL8Iwj+f87enpa4ls5gYB3MAR+b4ykMV3UdC6UVYKUDYpgI2vxaplIOmK4PDFtZc/wT2A9tFB7SWOd/AJYOKen7bfnclbHcPIh6RwuePrszficscopmv8bq6H2D4i1gEDbS7hQlz1uEsD9ky0SG5/7EyslmV3ulqr37lHmMZukHhxR5UHk/KT7rD0RKlZktf6p07jUPJor2E9yO++KS1x3bT3Q5gN+yGZoCLK7TtREeG2TQhDn7z/2lirmrjmW0dCVZUO3QV8/7WkR/fCwThQJUg37b2w3MGnCpJr/dNmHJkKZ6t7HAXIeyppcJ5+I3KUdpkKhkddckTbZgKnau/911ZeeZNWeSG3ClfdkVYtu+spzcZ4NZ70eIVq+f6Gxoj7pBqy
MH1kcU9+zcUNhbucn13u7ySvZst4Vb1tIS1jSBzTyYULafmDUp+I7lEM1BCI+LHwT4ElM8kaw49Gz9Ccnml81E2R73Ve9zBN8c0ZhBXz7w04bnNLQSZHA6XRtU0ndQ70+0530NuvUzBbxkkNfAuGFD/xjaFJ5onXSSnT1Wn8UniU8A9DKlLa22vYlFkxl2neddL31XgCRDHyK264onBW+DKlaiI1G7YYjVWu7KjJDlkzTQTgBTfzQ+8bJ6tSk5NNjixo+b75SWYB/K+ZBln7gxfoG1ku8fEUgd3v6E+KMTOdkkua4KMf8pr4tJjfjqLgDuUuQOHONQE0ZuY3oTD0eJpFGtQtX+AeEa6qwogCEi95DaUPXAroHBFA0QI2AblDy6UsQy+ovFL1wHHB2bvRPSSK+9W0hkmNgeq1iz6hDfO2HvfrdjtBThboT0B48gYEvvTt74LtG76agTu5xKxZT4sAhXd2pAVBj3872JCdGivhzu/bETaOdnmHggColnH1YTJeW1iXH32iOvLFgAWls0d/Yunt2Zm4Y+TeDZDvUrh+Sz5ERDMHZ6dHjEW134+Y93Fu9cGuEeIXL+TSmi1jqaoAW9bQ55fVlBfRzjL6MEfePCfc+ZH9wkZUU4RmDQzH1K1J364vaxJjKS6ao+oE7o6mwQegWzYPhJeRShFm6CxbsydWskXIYWQv2P5QM54cnKBHxv3CaWSOBgAR4EUYx0sK/bpQX3VjMIaXI8ccDZzuyDQnY1vvbfh6v123lFT95xBUROIhwndMqU5RCJXKVTl/qhDntcWlcZUj3zEunaGu98TFMslNLHsVVmSUNiv7Q0XYq3zZGXl1eSug+qz6Xce7HsR3JqS07BWgrItuVSB3XerF+7usD9UIZ0+8411FS0DIvFSqLMviLOtDzmNbCc9m3trUVs1uc92Y8rU+BJ7ZZWvCb1v6qsbitjY4KBXnVq7OzG2TvOjG/OT0hpbDvxHzt5odMvnalG0db8knuyuE5nPpuzIAUJkPGRJIOMqTc5PAgOvhupwCwWmXenOD2wtJPq8KlB+b2Q0VSt1jL6x97MPaxzHJP96XyaKeWdR9dV1vDpOLuc+BctxeyGK1fAp0OtZkqM2En8U86HwWs7rpstxKcuN/pnnDNP/PmCuhCuvq87KNceGTUUyXMc3uEwDqB5BeJsC3NVUNI/F1hcqPClDVhfuoMvsGvPlLbhk4yYnMUfGotubCgJCPTPN9TDqHuTsHlven7GFSO9vIhrv3VQag1QKKkrvQIL3MQPShiDsDc5T8vXOYe12g6mxnqs6+maqzzVSdlaiSIHjWaRwal1bnFfgpTcTINf/84+8r5QjUFA2lCOoLgmRpoc+vGlO5R19Fy07WDNCoWO+t1JZGJyXexRS2OoR1X9a9Ojj4QR9d/r8AAAD//2OpGGpAhQAA -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line105.sh 
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line127.sh
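Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into the two `sed -i` expressions, and from there into the apt mirror URL in `/etc/apt/sources.list`; `/` is the sed delimiter and `&` and `\` are special in the replacement, so a malformed annotation value corrupts the sources list or points apt at an unintended snapshot path, after which the script still runs `apt_get_update` and `unattended_upgrade` against it. The second `sed` already assumes the `YYYYMMDDTHHMMSSZ` shape, so enforce it right after the empty check: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format: ${golden_timestamp}"; exit 1; }`. `node_name` from `hostname` and the `*_path` variables are likewise expanded unquoted into the `kubectl`, `sed`, `cat` and `diff` calls; quoting them is free. If this fixture is generated from the cloud-init artifact, the fix belongs in that source script.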
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line149.sh
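Review bot: In the line142.sh hunk, `chmod a+w "${KUBELET_DIR}"` on the last line makes `/var/lib/kubelet` writable by every local account, and since the directory was just bind-mounted from `${KUBELET_MOUNT_POINT}` the mode change lands on the underlying `${MOUNT_POINT}/kubelet` directory too; nothing in the script says which non-root writer this grant is for. If a specific user or group needs write access, grant it to that principal rather than `a+w`, and add a comment above the line naming the consumer, e.g. `# world-writable because <consumer> (non-root) creates entries here — narrow once that is resolved`, so the permission is not kept or widened by accident later. The empty `#` comment on line 7 looks like a placeholder that lost its text and could carry that explanation. If this fixture is generated from the cloud-init artifact, the fix belongs in that source script.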
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh

 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash

-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u

-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
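Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not test what it looks like it tests: NETWORK_CONFIGURATION holds three lines, and `grep -qxF` treats each newline-separated line of its pattern as a separate pattern, so the block counts as present as soon as any one of its lines already exists as a whole line in 50-cloud-init.cfg, and a partially written block is never completed. Keying the check on one marker line, e.g. `grep -qxF "iface eth0 inet6 auto" "${2}"` before appending the whole block, gives the idempotency the helper is meant to provide. Two smaller points in the same hunk: `touch /etc/dhcp/dhclient6.conf` repeats the literal path instead of `"${DHCLIENT6_CONF_FILE}"`, and both path variables are passed unquoted. This file appears to be a rendered snapshot of the template behind /opt/azure/containers/enable-dhcpv6.sh, so the change belongs in that template rather than in the testdata.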
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line215.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line215.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line222.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line222.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line222.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line229.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line229.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line229.sh
+++ /dev/null
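Review bot: The early-exit test `ebtables -t filter -L AKS-DEDUP-PROMISC` at the top of the new script only proves the chain exists, not that the `-A OUTPUT -j AKS-DEDUP-PROMISC` jump was installed, and the script has no `set -e` and never checks the ebtables exit codes: if a run fails after `ebtables -t filter -N AKS-DEDUP-PROMISC` but before the OUTPUT rule, every later run (including the on-failure restarts from the line215.sh unit) prints "rule already set" and exits 0, so the dedup is silently never enforced. Testing the jump instead, e.g. `ebtables -t filter -L OUTPUT 2>/dev/null | grep -q AKS-DEDUP-PROMISC`, and appending `|| exit 1` to the three `-A` calls closes that gap. Minor: the three `cat … | jq` pipelines can pass the conflist path to jq directly, and `${bridgeName}`/`${bridgeMAC}`/`${bridgeIP}` are expanded unquoted. The file looks like a rendered snapshot of the template behind /opt/azure/containers/ensure-no-dup.sh, so the change belongs there.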
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line307.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line307.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line321.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Kubenet/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line321.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line84.sh
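Review bot: The line40.sh hunk drops the `MANIFEST_FILEPATH="/opt/azure/manifest.json"` definition but shows nothing else from the script, so it is not visible here whether any later function still expands `$MANIFEST_FILEPATH`; if one does, it would now expand to an empty string (or abort under `set -u`) and silently read or write the wrong path. Worth confirming with a search of the rendered cse_install.sh that no reference remains, and that the line77.sh file becoming empty (the old `{}` manifest body) is the intended outcome rather than a template that now renders nothing.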
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line91.sh
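Review bot: `get-apiserver-ip-from-tags` splits each IMDS tag on `:` and keeps only field 2, so an IPv6 API-server address (which itself contains colons) is truncated to its first group and that fragment is what the `sudo tee -a /etc/hosts` line records; `cut -d":" -f2-` keeps the whole value. The value is also never checked to be an address before it is written: `grep -q "$clusterIP $clusterFQDN"` runs it as a regex, `[ -z $clusterIP ]` is unquoted, and `sed -i "/$clusterFQDN/d"` deletes every line that merely contains the FQDN, so a malformed or unexpected tag value breaks the comparison or rewrites the node's API-server resolution instead of being rejected. Validating the tag against an IPv4/IPv6 pattern before the sed/tee pair and switching to `grep -qF` and `[ -z "$clusterIP" ]` keeps the loop from acting on bad input. This file looks like a rendered snapshot of the template behind /opt/azure/containers/reconcilePrivateHosts.sh, so the fix belongs in that template.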
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/CustomData
index 134b88c9f9c..c08ca59037f 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/CustomData
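Review bot: The bind-mount guard in the `ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] …"` line matches any mount whose path merely contains /var/lib/kubelet, including pod volume mounts under /var/lib/kubelet/pods, so it can report the directory as already mounted when /var/lib/kubelet itself is not a mount point; I would expect the following `--make-shared` to fail in that state, though I cannot confirm from this hunk whether the bind-mount.sh unit always runs first. `mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet` is the direct test and removes the grep/wc pipeline. This unit is a rendered snapshot, so the change belongs in the kubelet service template.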
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/+x9/3fbNrLvz1d/xZRhYykNKdvp7u1zq9yqspLqxZZ0JDndfYmrQ5GQxJoiVQCU7Sj8398BwC8gCUqynW67e+7uOUkjAIPBYPCZwWAAPvuqOXP95swiy1qt05mOu6P3vU532utPJ5fDVjNY06b1KcSoaQc+tVwfYdK0bWONg7t7kyC8cW1kuj5vO+i8604ObRrYN4jylv3etDPov+m9nZ73Ri2tiajdtH236SNqOhov/6nXjwsZVVY4c32t9mwyOB/AOvQ8oEuXQBBSCOZgB6t14CPqE/M3EvhAg+B/OJnzwS/9i0H7fFwg5gS3vhdYDtFqnVGvM7lIa8oVsWtTT1E3Yy4kuOkFtuUJ9jqD/qTd63dH5+qeE7E4MtHRVb+jrI5D35YrvvturKx3E84Q9hFFpFh7OOq9b0+602G78679tjuedtqdn7t7mjbX2N1YFBlry76xFiimNeq+7Y0no39OR93hoKUFhLAxW9hFRCKj1a5+uupPrqaj7kW3Pe629LpHZlOMPGQRBAYGgzRqg3FLr7tz8AjwyX9hJBVOXkPTQZumz6b49PXzk++BLpEPJMCUtS5U/wwL6/YGjlYWtZd1/fglNH+t986nF7133VbdDjAKSONz77xVN180GnrzJVgN2MIauz4FGoTrNcJ168PpNVgfXl03vgd051KIjr6Huduojbudq1F3OrkYT38aDCbjyag9nL67+ql70Z1Mu//odqbDi6u3TBnKyiMWAvXILAgoodhaa4fTe98djXuDfkvbHJsn5rFheeulZZ5qtUn3ojscjCbnO3qmyEPrAFMnr7nd825/0mtfTIejwfveeXekVnnkIJ+6lrfGwcZ1EN5HJFsLGws3PXfGlcFDMi0jIaYYQOVaumz3e2+648n0Te+iO2xPfs4JdmX57hwRytc7W3iXw0G/25+M1dVjgPApiRtctvvT85+m7avJYHo1PGeL5M1F+63cOhnPyvINZ9a0QhoY4dqxKNJqnavRxXRwNRleTVpNulo37RB70w3Cs4AgMwhpsgwG42m/fdltaeLfrOMRA4isIP5Bq3WGV9P2qPNzS9NqDrI9CyMwLPilPb4c/9y7HPbOx616Qy4aD3t9pj5JUY0g2hletbG9rDdgWwMASKnq9UVa2qhFtRpGq2CDLi3/fNYOaXDFh/bGsxZvXA+l7fEKjDno++TFCNoYWXQvQRqE9vJAgh6y/HDdSWHz3GOkSI45PAe9CncZEdcn1PK8jMgvLl12Un34vyTwU3oBaenb/MxFvMCdw4cPYHwCTc/jmwbX1wKieL2UyGAcST8wzSBu4Lc0O8QY+VTjhcgjSFkrZSLuJRL15y7/i/+R2ZKhgOmWXv/td9DMYYLaoOmKZaHBZ+D1PlzDZyDIQzatm761QtBqwUcto/tRa2gN+PxZYKLeHY2mkpxjiJr2+u/bF71zzlNsZpIyrpOx9FxyaWFGdoDbbEVeuH54BxoXlAbPnzPxavq2N56+a0/akcaY0SgOUZWAk3XEqufnKpaSWKqxNN4LyRLWR0lyERPVNiDJ38k8xFLnfzzL9OeIwCYhZ2Fs3YNLAN2tkU2RAzSApbVBEPjePQQ+AuShFfKpKcj05uBSWFoEVgFGQJeWL9d6CbcIbl3Pg1ht2cjBswhNaoDr8994z6aknPr2WVH+H368jsBYUDgpCxHZywC0X9qjfq//9kxSJ4jNfnGQlTyb0BO8uv5iD7s5Nd7DNvodjpn26dtS+fF1xPXjh/G73vC1VjW4Xv/N4JCRselz6RJhQKs1vYcAc5bnLpbHQUB0Z8L4xl2v2WAl0vF0WdQN/HiYHKAQDbEPx/K4e2/GLf3oo3/EnRrkFFS0Vdfrwtt5Dz/88IOmGP+L60hriKUV+gRRRpL/i49nStxPqKVvnynJM+Hy
ukz29XrWwjhpNMDwKBzD9TVbkWwap67voLsWnwjp36WGnOI611NL36oZ0LcZpShmJpPkpfVbgC9dP8BD5tO9TyGxLiZVz/fC4MwOKRiOAcb8pKEVyP0c0Dfu3YOoEDDmpzEhpqMC9vdxqME1E9KHg6oy5WUerrJRjuVcXaWWu/7G8lxHVsZYv8+gOMys6aGQHuusFyzIlAZTtGE2E7T2u7HZGXfNonEdhT51Vyj5fUwt37G8wEcZfGqM5cpSkPFZLb4oVycnrRixE8FABXtgQHnY0AJ9m5dXpNUqPYjL2AHN+Q/cfZVmIrEkki7NQdNLrm15bndSyqu45DYwD8DAYGaFJnIWSNllI9MGzpnC6eC6d/KdefxtmcF9PBzJTKxd30eOqZ18d/ytdrSPnVjnct5RtbmKewY/oDAPQp9hMSTbg5fgoLkVepTbJmaasWMHDuNFVm9pIGumafJwYsAoj3Uf9Ewx2rgPpLILd/KsKaGjWGUnzqT8PQJjJIhRDGk3zPT640n74mI66V12B1eTPx9m8lLLw0sqpCdDS2V/mgpjYnIpshzQL9sJjvrdSXec67f8c6RJ/pemb/vd7vlYmqFIg6+qve+Ygctgdg9Fd07Am3LXwV2K336Ho3SDotyASPsPrXEEP4CKGkhBIqW+xl0UtjNMHQklDB9UVCW37YA9Y+2//ks4d7IMdvbuBIhwlOJs7OFir82RlKaP6G2Ab4ZeuHAzWyRN7+SXwehdHHBhqA4aj4pUTy7fonX6vdz8xhz1e/AMoznCyLcRrHmnxITLgFDvHuYBhptwhnxEYRZS8IJgPbPsm7gic6NDghyY3csYznRYtnZwmt/eFyO58BzY+JPQVCeNNA3jQFMW/tgV97oaXbC99r46Z63cijF8OKBRpJCujVEKktN5gKcBtkgrNQ77SDJTscBoDUYwhKPNR+eb+kfzo/NN48URX0kOHJHmr5tmk/1ziSyHsXrSSCZR9lAYI0lQbhpir6Wf5keol6qUh7NXtmUiOV5WN46LwViDvi86KepnMdPhaMDWS4ZZWXR63B29747YtD6gunKGH9BeNdmZpIVqZnJI1JYJJFODB/bY1LelqHwkop2GZWNDEX092+hbpQpGhuf64Z2hb5NoYaTtnOXJ2//Hj3wOWAfPnr1oRho8gyuCYGaRJcxCl/lj8EzeJeN7e+VMF4hOqYVnludN5zhYTTFauITi++mtS5ecVzg5PYa/7Vst571RU9/BOY/0HDw3kZYPgw1G7fF0eHVxMWVT8Kbduyhu+HN6/gdL8BD02CcPME0T9gNQrWq2vtSs7GWhEI/cVVv2L4WMMjsBiaGAZMKRAyS0bUTIPPS8+5xTVm1e9jmspZZmtc3SoLpMRM4tDMbdp/lBYt7ukHOkgdE5AHVzIF2hqfH5TQwY9jK49cEYAQ4Cesb+OKzdarPXprLKu/FN29dXs6phzPsqcOC///a3p5FJnJb9o5FdmDGyQ4wmF+OfkuPCd+IYrXuH7IJnJyyLcKi48daWlK7JWbN58x2JT0aJOfOCmWkHGJm3ru8Et8T0EW1aN8SgHjHSU0nD9lzk06a+fejpZNTkVqNprZy/f9tUEZVtql53SXt0+fdvG8zNVwSk/zrjwaud4ym7L486J65Jg06tztqiS2YTHkUxqmA62559JTZoql7LW/8U5935dG65XogRvGIo//djsJlDaMzHF2AElQTT30PsFSxoyvbBA5XRvBJpHiU2TaLJEMAYxSDwBGpzly3uW4us+IFll+34qqOErN507nqIT7++PYmkemTprtJ4lL49lcsSR46E87l719K3r4otuXVK5qVV1/Ttj2ffRloD5O0Az+O4VwS9tnLnzAsCisEEI45Ssc0eq8H2snHlXH8ffryOtO/BCfKRxlgLt1USiKREGYMRNQTtyNC3eVbZL3kZROpIZeyWnUAxyOgEPpI8BObKMF6A8ULinTob5kO4fXEQnzX5fAjUcWaLrMZMqPWGrDnp
MmP/pEItYpVJjory27DtaQSy5RDxiYQ5EqvFK64W6YknG3USWxXzW2xXnt5qvSNr19dAI567WFKtkVOID6DpuZDlsfmdeazYUrH/lYh/06prt7dEohlPbSEayyeNb3XraGN5cZDmPKbCXMvspC23kc8Ip/5ZeYZAL81KLjSa9A7aJhtr5ZqBvG7eWgw3t3ImSHqM9x8xTeKsXiHWIcIrl4jDWoWEDxJmJks5ZKRaZI/CZ6WK5WG6AOH/MpCG1PTnLVH+GCA3OiZHmZ4GmrE50XbBuyL+KiEio85hkYDlYWQ593IYtoqNlyIJwg8ozFC67lx/UTpbz7lk/7II0VdgfIKHBWyqIkRpiIN7vg8MAuWyMB3kEs+akaZS/GcFRdkV8xGc8RmJZ33xaUpX61blhKn7LPdhUgubi0+1p8V+tmXWIg30rSzLqCpmI53PMERNOeHb6093zDUpkxc75qrRpzT4PvYQGaWOQn5OxFJ7EIGip7E5kZbISrhaivHsWkYP9+sO2itsxGbh4NFVe31qMYXYq6TBWpy+fn7C0BEh0KUETnidZRwnAfYuaL/WGeNn5ovG5/oH1L3G2HzR0HmuWt22aJ7E8+eSqr0bXY0nbI9QDEU14HkqMdmYf9Oq6181cnbqEIv4B2woqqzRqy+xZXikbslxmS+jOzlJJ6fEa9d/F87Q013tQz3tR7tvkhCYv3YTztAXcmwTIezzZuVuc06Y0m+V05Sf5LfKmlBisKQCjEljc6r2/9TTrRriAX5ffha+qO+Xnarv4q1y7BX5HBXV93hopW7/10t7hJeWSFE5Z1/EScuHVkqzFu1eKSWnLAbQx/lkWsEp0x7qlR3uwkApR/6RXskDlpdWhYrVTf4yXogMy7EHkpnDAbYy/4LPkuK2EJt/+X5QWrf7j8mo3Zl0RWUGnKAglDOYvCi598RxshBkLzFRk+J2UgY64zy1LLpM1jRNicfJ5bClb0sc8dPW6sPWnYefJRabcQfizE3Rm2qTkpZ3R6PBqBy939OLGvHZ5h92Ny0kKJmqND4VgzK0H96ZMDFxJyR0Ann/tWeIbCtW1rNmdvymIiHn71XrSJLmVDgONvl5sNq9Krjhwgc4OTOiYkYJPwYpR8sYVdAwIqFHW/qWo6RUyhjWRWkN1FY1G5gm+zhJFlfKYLaYtieGflZKqxIcv+93J1NWJk43xsk6PTN0VVHpgpSqUuUdDVVlcIUaEkRN6N65lHkUZqVPwVMs+r00pULfqog+ZV2XBNXUt1KPfGkrRVPIVpDIpOdZuTQ216ZeOlvP3DnoJ/x2ympN718CtW4QP1cuXViOwCJJpjNsLC9EJgzoEuFbl6C43QmrQ5dIlNdkt//cxUJl1cSjgvJIzcQdFNnrFZemJ4tPk9VaaDOXfF7I/LYks65wEptjTaba1LcyGS7fckSnyKok0TT9IifQiquQnGtxLS+9ulIX/YNhJChxmrPPcbJdXCup02wujhr55Ms84TiztnI1pJBUbMcvuYvOEh89BSoTSHIhKTdu1oZaeIFoBnWKbOCvzReReay4kBjLlyt593LY0gQDxibVkuTgvDLMpxUOEGILplCyZko06S+qOFmQ8ivKqpqrKWS6xsiwLXuJnESC6U2BswrJacqzQ9XBhejiymd7V34jTPTg+jTIOMynuiShxk93m4fIgtm8IsHCYXh2Eq7nK8Z6qthH76gojrCTVTlJLpUXclHyzpyQUXbHO/XnTh+SCaLYMqbmRd/m3aeKhZSwzbAJ1ha2VogizIMOFSNiGymuGQt3g5RXGLJhyQ5Q+UYj57Ikg0pW0+v6uZssT+AiA+qdrwXsR+TtzvZR9tAAg4TygPnmLzdbTWW9jI60OdxWjzWSEL5KLR+vaZ2r0ajbn2SqW88maI81KM/kJrMIwjmctEdvuxnx+Ag1YZmg1QbhTrBaW5hb+jwvZ4Z2bB6bx1rEFCxHKVKHeYQR8SRjAWUmS/1EzOdY8Mv8WNz2rQcY0O+h
5QENGolRmVkESUQKDJWtUmGuTIXJqVqbu1SRw0Cp+/yJzJfQ5KqXKw7S3+TOE1dfVTjzC5OPoSC1lbvHzxYUQTRcd/q9cxcTxYZBepOnKtFTUUdKp8qVKohnDwLtpF+qllmyfGlUy9xAaQskb6Qr7il9/gxfHXRTyXeN+PrLE64qpVca/QAkipC9WAJrjAjyKczjCAe/TxNfZgR+mzFdOMznOzG/NU9MmCxdAmQZhJ4DCGO2gjfIp6Hlefca7Dx/zWJ65S1iE6O57buJgwdprqZlE2Plso5MnqWLnAXiKZrSqJobzlwWDJXKYieSZ5Maop5JWQ+x0ufPaUUa9AH88UTngmJWJeo/s7xb657AbyGhEBIEt0uL3/z3XEIRv1haeEgGSAC3CJzAP6Li3QcaALn3bfEyg+27X/h1jkxequc5+j3lJe74BYt+j4d4GKsYMTUAm9kZaxaEVDynNQsp3Fp+/I4FRkwG6nc0bpeuvQSMfg9djAi48fsWqgdU4A98QSXGuQPeTvlT3iCpehCl+m2SVGEOepQkXt720vIXXPXig7d/txdBHvMkQem1CdUzIbUDvMEMCzma9EbiYo4CmvCKQZPilYDEkTmclEC5ClLyGUa8bpwdYai4H9WG+RnbS9gesjDTjhVDNOSLtX4rLMMGYVha6zXyTbAICVcIXEoAI8+KYYBPoOtzoNgguLAoIhTe/3yeWBeBe0sEoU8t/BICz0G4VEgXn0yQ3TIleudH1HyRA2+oeheAQVtiu+J+kzDJjLH1yV2vk0unhYfAFOpXgaKJldjn+mS7k1IA9slhSlmtcjHIr5mtjNKYRe0L6M6jpqg8Q/nIz95IqjLms+eaVSJnsxj5zq5U5W40y7NZvFi1l0GVQ/EA1UB3FFs2fRfO0E+xF1Q4QLj5TrZmcbZKXBTOUHIeKw6iT+Vil0zjtxvj0ldagW56WDd1XNzS9G+1WqFGfLjKYwHM72jp20KvIp4rA2u+X4auzGqWp1Kiz+z07hcqmaKpGIq0mlq35NpVihTvi0U4MDFr+ZZZeHB/GLD2ELqcZpwyEWsBs5w0n66H55B/CTF5T9F4oSqwqWe8KC+6gqRLU79DuOnyzw6Lys3lGXDJKD7hv8Ien4e8vpRyhKUwHaLIpkW1fgllGi/BImkSBvBKXJDMQ+VpCDQQz8JamLpzJlrROD+H+8WSvWRq+IGDDohsPz6JNa+v5TEffOn4UUshNXpaBfn8EOWgt6xp+/eQDxum/Mht6dLXlxioqoPKocb/mSx1bigMii2fzAO8amnks/ni83ND8JF46J81MAyyDG6zmsgx2PIizMxsFIx/THs0DEKxuzYyR6X1itmc/NoH6eFepqcyUFSW2dQry1oKHdUK4q2Am/xg4Vo8LVTdhmFXqU1x77GTp/wpgMLczC3mfJfDuyuVlkinG7H/EF+1fScG2PYd9l9DHNzdZ57b1XgyuOS3/5g1b4/+WX5GpFxFfjwksXS7SKjqyDQEaoaE7atiETAsPAN101yM9CXYIaHBKmmwZ0RR7h2aaXy4PHXnU55+7C9azMbXytl2++iqp+lRZq92oH9YPb+mwh3TQPGj+iGlQ4bLdbP4wI5KnllF5OUkundqVUmLf5pA9nPLFae8rgWkV4KO6h2rAvholehT0bj4+lF8al89SVq1c/uF007zjtK5cJTSxwFgjQN+Wpe6Oy6BDnM/H+UXCSP+hAxX5WM0BV/qbKOch10prsn/8i/fT7qXQ77/fDMaXKadtjT+ELfyMXwoUfzzFogs59hwCentG2BUy42CfwrhDMQr3jzCYge+4/JcfXuJ7BsIfCgYEgh8G8FomEQMXR7oQRZBTt47ZwBUr8eXOtQDSZ4t1EyNP1wIr1tw8t+NBg+kxk8oFbqvuJz9JwNWkckCYld6hMnp4sNAp6K6tovcDgCsqK7VpOMx65u7CuNaYVprT7HK0FwGK9Rc3q8RZj8a6TKE58znYmiU3mvqraxF9shh56I3
nQwGaSJJBji9y/bbrsgxOZU8IUYriTG7K7HnVjSKQLhM+jbpIXdNQPpZHOxRrD3ApLJ+GSM2xaa6ew00VSr6KZzwXZJN2a6C7w/Wlo3YLtV0g3hAHLx1BVV+MBbfuqLuCjn8YyiJRHZKY+NawAeZSxiXwu6dCav/VuwHk7TxnGtSkplInHqM2HjLR0pOpFv9YTKKB1UpJpE8VSUpCUT2SuFx43cC+wbhP2z8gnxh/OeDzrtulXqIbRVG1Fo8fY2PupP2W/nnV9LS530s2DDmOFhVjYKn4RXofBE02LlmqbVQTgfoBVYet6SSJMNH9ZXLtuHa8xg60jxfdkZ8hsmbAHeWrm+VXyCVHMerPtOX+GxVeuu1PErL81LSrbpe3yVxcUKf3Js5+nVlY3Pl2jggwZyadrDiT2LyLwVtxbd/9JPoqKFYqMVeZRmRwzogFEMLCO9nXte+JmdfE+0l6CcvQT9tRBBzQChOWcjlD2r6VuYillVlzjDDBHFQN3d9B1Z2yu08wMCnaFfmPKu0ssUi5Rf+cp1/+PH6G630U6RFxdvfmR60Uq8xIRvFKXIG4g+UlmXHfrE+sQm1/TRh7ukalLKWh6J4Scv86dvcEKKdoc4yvQQnDyIpPzyUfoXn6WCZiSoFNS6hhLeSdHKrH6+Ui7+8PmLswSu3uoEAB/7xnqu1UJrCEZfIIIzVRQwN3a0DTOUSQSv0bbGlEd8CEuRGYZbqKT9gr3jJWsrhqNywl6VWib1pQ84Hv7vL/GGUXRlIoSIPN9qZpp9GR+ndvk032SAVfHr9s/Jn88Ox8X+uv6koNdQ/T9Mng/WtJNlI3Mo/Yv//6EvrTanyVcM9BI+LkPvXH/6ucw6FFPL2wTDmAV5ZFI62W3OE1gFxaYDvo+hsuzUn1iL6q0tAGr1Yqczvm9qBg1r6/xRgWU/L4KsW/2qM6pyP+41pzVouwiCWXlGq1ZdkpNduVa0+w+3S9RBgZDliRnJW6slgkdmAMmTnvLeYu6gczFOtrUqSkl2poCdNV+7hBaksktHVmJdwtPKiNL8HwDYZPA3FsMstM5BPozEFtBeOQN2xKGq81OvLgFAGGI2XQKiFaUfZWkQuZOsBGg8k8O+IansII9+pIJt9UG7E9w7IKXCbamScS965GFwlH0MQ+SPMve14QehUBI//vWyQcGNTx+voT7cKD2HoX4XTh/Ik8fMfhmyJu/zXwTRFBiApfZMtwSu+wyku37KfmudTgjCBnGXbKpcmK7eAtQpYLdUoy0gF2AkSqstUAJpD7VIVEYotDt3JfVhztOfDmsEGYew6KP78SCfw5+4i27qIqxjS91T5V56Z9MWfpj1fmE7zu+Mpvy4w9RFzERgNVqLJ3wrdFojFN40tCj/80B28gdevFVUci1okCLGNznh1rgJn2UZ/vfbuWaeM97jjszj03x28YQN8xv7+/wEAAP//tS0/rzB7AAA= +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | H4sIAAAAAAAC/+x9+3fbNtLo7/4rsKxuYndDSXYcb+JW6aEl2uFaryWptPniXh6ahCTUFKkAoB/r6H+/Bw++qVfS3u8731n3NLbIwWAwGAwwL+iHv7VuUdi6dcn8YDjq6Y4x7Om/dRqH84jQ0F1A8BVQFwVA9cDJkQAZagM9B3F0cOBF4RTNYgw1f4HCCYH48Oj5AAAAvLk7g0DVgXoMVIP/uwBtoA7AO/YDlMaz1hsYw4mlmysl3yQov1sl/Ywxuncp7AYxoRB/iAglh0dA9Le48xEG6hK0IPVa5IlQuPDl7xaGXhR6KIDqUqBQ2RhIk0B8jzzY9FscB41ib/6NCI7b6vSLHzYZpQIZhH8CKvAetHx43wrjIAA//6yPLg8+WwLy9wM9vEc4ChcwpB3lenKhO9rYcCzd/KibcrKeS09WygHDAYCgxqOBHrq3AdRC36IupmANeeDrVwAfEQUN3TQd65Nl64Ou3XcsWzNt51Iz+gerTBps7IZk6WIY0g/xDI7dGUwnSre7rP2l5XRHw8uOkvBoSviAhSigKfj8mcmB/WHs6EPtoq/3Vgr4WwcoCvj9958AncOQQ7If6M2jKvB7wNC27iAOYdBaLFo0o8qZxzO4dGewBfnw/RKu3Rp1Kl2+B43n4gBXHPMUVYfV0y9N7Wq3UaWwuw3Kh1PszvYbk2jTKfe3YUSr3Pq3hJBPCOxFCxeF2cIc6vavI/OaNzWunEujr2eTzhdGCOlDhO98Of8Jp9yHO/Cy9X9vPvc+dMf3pze/t56ngTvrHP8EQvhIV4C9k8/aK8B+gxcvQOuHjIhOGLVeAqVRQ4NS4jaBPlBRqcNXvAtAyjhzn54gab0EdT0kbEpnnk2mMf545vQmGl853euc7HQ6QKE4hgooC0KFF2d/MS9q+XH2p/AjtxgS1qSaCGBIuA6SgqEmgrEODpMnEkSzoiA+uMtLFGT6hjy4S4egf0Pn7rbTOISPSwwaz9av2phT5VjGf+nO4GIFbn4Ex+12+yhrFUSeS1EUdhShlXJrWO0Lvewjctdy/x1j2MKQRDH2oLp0MT2urufkvcPaOEuXzjuNwykK/UVIgRpioEaAungGKVAt0DjE0PUDFN4Bdbqlr6OjtBOOe4qhHK0/BY3nascr8JVP8LEPvgrZel5iFFLQOF29PMoL3ufPoPGcR7oC6oyCxnOeravqYDO18ysKAhATmI6f0wimEeZMBlMUQKUoegXe19LfYjCsZabjAgJrejdCEk+nyEMwpKJjsnQ9CKKwRA+NgIehS2FG1TnA8EsMSXW4jBdlvrwCLqVwsaQonDFsUzcIwK3rcdQji/fSbDaVdctAytW/mZYocGBVszdExPEhOwR0tshJFNFNwqGOQeu/QxYkP3aXgj9jwlmnnGmg8ZwycPX9M1+kO3dKYjqma+qazU7X1uTy0uga+tB2eoZ17VhjrbtWJ4qxWAk94IEx7hYC4t5DH9DoHFSE5EDoGIqfvIXvoKkzdVEQYwhOTsEbcPKGCySD5kfs0riuK/hKB77cUPhhT5zXF5EPztrtSuOttCzuOK+/odNNWBmyKPyLsKoqmUcP4CuYYfhNlCfnuVLDMAql5JEH0AZtfubi56Mpoe5tYXPTqZc78+9k+/BD1VYDJ4Fa4ujxKbNhxAy3z05Pd2xUJEc0cpeU/S+hy3QU37beveHYantfA5pj7ueBG7oziH/PmLjTOJPT2QfbHjtjc/TbJ2di9q3sbF57NM+gO3VNEwpgNmMlBHNKlw4n5RsRaN6XGGF4fs4wnZ9zVOCmZiA3yk8Zvg0sz1D34NSNA5o3MW82j/hG2ZPrWzrbyJ29O8tZYMlMW/tNtVUYufUtk00K47G+a7pJeb6tv2jCN4z7r5jyDTz63kkfjnaf8QS2U222faLCKB3E/o1rObOWnD97CtaS/i3ML24HSp077C6+hQGkmftL
Sb1nu8G3jtsqk5usd6XkNHupjy5f1rvNmKXYqcyHProsbLtMEMcMfVdL91w0BYgMXIxCiEdYY6ftPgrjR6A0RlbZoPYgpo4PCe0orZjgFpm7GLaWd6jluSrFMaGqsEVabujNI0yyI2W89F0KHW/hdxTxt5q0EUCFc3C5I3bMCGR3nquy12iK2CFwaxdVWLmacqrYNieWrfecrsYsa3m+qX2/UsBX8OjiGTkqHIbWA9+6BJ6dAtUH7xlgOrKVkLOu1vQwVYrnrsm4x45cXc3p6qZt8Z4a2fA2A+dnvBsTGi26bjdjQs1pK1rSFqOLCPZEGCCAQtA4JPALaIPG4WHjuTux7NGA9cLH53RHk6G9Aio4Pjo6+gn4UWadQS9wMQT3Lg7dBexkLRl9TuMZrUDFOfg3CV1hWUZcq134Yc8YLsY+js6PQrjGwZKwjqFJVtx2jlfxeFFIXbZS/CKX08eTAC1Q6s3vjoa2Zgx1s+dM+sbAsJ2eORo7xlB4bMaa/aFTqxyyfnL6gUDqxAJ/6mEWB1Cl8bxDV9y0Ss6i7fY+rbgW2xG8xtOfrqkKAotNN8XgJfvvJnx5xHVW3q0PfBcuolDFMIhc/2CPWbkWGpapS4jZAkgl/3pyofd1O4knjE3jI5v8a/1Tfk6YhsYhpJBI+ZMqm3CEzTv4pNRh40K+Oxq2+MX+Ei1hSEgAZjDExAVqFFPQ2EIqOGmfvi20xvALUEP4ANTHN+13QPXdJwL+8brdBuodfNqOsLbbdExAJfHtH0BpdYd8Y5XBtJUCVNf34SMFCgOAHtUCOmSrvze0zguQxTl6WxP5qudbznWpjY2E/MlF3+hunTl3ifLszkw3hQeW6pGl0bzUetsJOnoIAY4ies7+2dZEDOe/Jqbu/NMaDdcMgvvAmn+QKCzTXmxZolis8XUwVTorgEILQgr+/pidP9WQAScC0u1zTxBb2PrQXq07hW5oUFL3tfPnBQiGlC25ynG4nhwmr/vTVGy1B2HJFlQljM280dXZOht2jbHWF6pyO21bG24mjyyb9JHW+OLq5bGAT/WhF/lQnFe2Cbw1zofCKhRIoMpgJMstvWvqdkdpHHouE0KJTTnarV0dmwoQrdbNTevm5uZm9afhUxg+RboGFzmaxbpyKfj5Z6CPLiX7KotKKDvFC6LYV855YFQzr7gUjia9lfJKvKcwdENqJCD6UBvajpG9J/Et8TBaUhSFCZQ1ubC6pjG2jdEwD+u6fpcLagq4bpR1jSzoYUi3NBTsSRsnMYkrHMVL0dTUrdHE7OrOlTmajFPIxIEogPqjrsaoT1/fL+ynJRQvPw4c+9NYz7MghHyXSYc/zNFAoBdjRJ84DRlUEtGz9O7ENOxPJXruCyg/GqY90fqObFSAMqtjLIE7a8aMo5hC270NYNaTOZrYumNrF/1sgEuMFi5+0u5dFLi3KED0ycpTNzaNgWZ+crSPmtHXLow+G46VY4FEYHluAGtbWl2trxeacLkc4+ge+RBfuN5dNJ0OIl+24zI6NkcfjZ5uOhda93p0eekMRj19IwLlHKxpu9rQyoQUI0jWN3ZM3TYN3dqERH9cRiEM6QYs+m/j0ZAp1Q1oejFOxHQdmt7EFLK7Ac0/EaUQb0DyT8O2dbMWhelS2GfH/5rmpmbr/EC9ueW/xtamxs6/xtZmBBexdwc3EuBcTLrX+nY6fsWIwm3EOL+ahq3vQtJ2dIKuIsaYQOFp9w0fhhTRJ/2RwpAkEz2xdGegDbUrvecYPX1oswWm/2brQys30TGBWCMEzcIMj9ETC2Zi6aajWZZxNczjyOnZmEAjJNQNPTiA1PVd6qZ9G0PL1oZd3RnottbTbG2Vak3Xv3AD1ghbd3GiPLWec6H1WQvTsa4naR8+IkzbjGJ6G8Whbw01m/dRbNEzLKZ+nNHEvhhNhj2HwSU9wkcviH04cAmF+BJHC4u6oe9iv3/BUem/dfuTHmOXZeumc2mOBg4jvqeZPad/sUo1kpi+j24c
5PTR9YA7SMWcfdQmfVtaC7LZwn1Ei3jRzw3bjAPYjWK5sgfab8ZgMnDYiNIBmRN+YppkSzvp/ho+JZ3fvSVK9e1HiKUUKMxiEblm4jCsPhZzoDbpRNAByv1JTeBbpqUorU06q+UrYL0tsBsuoXF2wFTO8BEZPU7eEjSGV/yQbFwaXWY0miNb7tbcBV2f9bPeHq9PLLKcxGEkzkMbEopypgm3o66LbTeZVOmpSx9+NMzRcMD0f87EKppZaxHnYuYlq2u3JlUjbFO7ipEgIfXhRw5X52/ciZCcWJfnI7WRsgSonZK9SnNTQlOeGV+48BPfiJCZddOxDtfaydipQWUqdmhVMSRzTFpnqe2GOTcjNeyTbrfO7pEFL1oInSJZm6WobmKt7GdXxlbBpeNwHdx+WcFlDl/2tSuro6piSGCrICVKvJTy2R0aqQ+qLn/i+KQtkz0if4mjWwhusRNCOkUBhbjoRh6M2E5wUc6WUEOg5BspicW+iPw4gERl+3nTb+VhctkLOUqNMbcbSHkEyfN8XEdsT4ktMu5PrjjPO0Dhqr9mV1rcg0Z3aDgXxtDpGSYTHLFLsK4CRKh4nUyjYbZKgsGTaEogFSSlXKw8jaO+0f0k9YrnBsiLlLo8rCSpk/ygLLhtotxi5M+gkn7OpQYrP8xe7kEUDDaTxUM1616GUcj5Cl68KOFIzgNcYWa0/f8enfRQsZ8WuUVhC95SLjhApSB0KVDVFF6sE3l2lInRzOgN7qGfyllAgBpQLMQZ87c5yXVp/YvJxWRoTxxT7+uapXcahwG5dTAMoEsgUDFQZXgtnYpiA8nI47fN9mkyH7UQJ+2tECdbIU45xJq8diOcRRiFszTZF0sOgS8xxE8giTbdxhTEhAEiSkCOH6WUQYHVniMCEGEdAoIWywASCtzlEkeuNwc0Ag8RvnMxO8yDtENESAwJeEB0HsUUMJUfQAqDJxCHiJkYQQAQzbr6zDMtcRymO4hElZ8uwGWZxH4EghCoZIcWtTO+VVY2yosQRRiSQrRNCmFyVLH1vj4emfbW84nAY8MALiNM/QO5LDYH+Oticgo42BDir43iwUfoOTxuVRvjL22Bj9Dj5SzjiNCOWLBomSzYMbgcmb9qZg9o3a4+tpPYWcIPjZ3Uta7tWLapawN2et/GmSCaEYdGDryHISVA0a6tZtfSm2XOywcapmjqetSiGLoLFM4UsOZFcZusoYybuv3+QXICLeYC5kJ8OaVwNZ44w8TOYoMpaF5yh5ZOeI985Do+RvcQO3IVFIdfkAy++q5gCLHLE6DDKFSvxpNcjFFuxzxMzt6EkQ+BH0O2Kj8OAHVnMlSVHtKzoKdU0cORw0jf6MvPOmzJQwyNFkGRjfwU9Ktmdz84tjHQRxP7IJdHURlLZQxpGvd6Uv8aGsUUFxaOR4Om33r3Tp1G2IOq2PHYhwcX++uWCjgIIW2i5f1pEy0dCQw64Dh7znN63CBoyreMETmAs40Aggr5Sw2nqucGgZquQAYmDpUbz41idEBVhV6olKB17T7bckZarxDeRkR1PYruIVDVLzGCFPiRdwcxk/DDFMyR+zM4aYPXbd6pBKupdOs5vVH3Wjcdyx6N+Rn1aEMJXU5edqmak+p5GPXi5Sgc42iBiBdfcN5lVSxr+hJt1TBS/Xi5T3epFt/aBU0g90FfUWSym2yaRA0dcD2sLhDGEU6UfQFKZCrUA7G9lae5uB5u0SgKSCu6hzhwn279llRZTTLfCirWoBoTiFV3BkPaJHPAz4Fbm4pB8Pwz1Y3pfPfuWB9+9BByC0byYuoKHbRre8/15mxz4YYp+9tC/4ZXF+D1yR5I4CObXIglHkkK0/HfjoR9AO/enr1mG1Ji/YnaJseLMHQYrw8A8GIcAPU3MJ7Y4CXPVZtHhJ6/ffOPtxL5LyHpONI4fSFoc3iBx2OHz5CHmyh6QbiUMUW2cGknJfAlUEd1MscHlA0j/Uul3iKuFcP6hiR0l2QecUdhhiT3dINI
FzvdCJBDuGZtsL10EYXZ8utxVZYu7UR7ySik/pveTVat0dc7dYcwoQzXH8A4XjaNzHxV3atEe+ZLt/N9D0aToS1cD6lS3b1zL4AudhZRHFJniaOlO+NRJWcauDOS0SP74o6hDLnA1hIJUTnHbTFf75jtAe1iSp5ISCCgUUYM6mqc/vgCXjZfgp9rwF+8ALcYund19iTvpIGAyog4abdrcW85GKwpiSIBhEtwXO61JuOvumnmdrFtG+fmDY+fiZLjUWEDXb/n1G3F6Rac7jY5eecVqlu3Mn/uLe/PdtjHdvdpoeWZI481Gzxaq4ODGaRjEVYeIs8YZ44ApvbETNloATvHuacL91EGczvH7dxz1Cl8WnYU6eR+mKMA8kI9xExG0Mgw8AN7XraXncahUMDE6gP1A1CSONo5EEd8no9/3modn71rnrw5bcrfrYWEE5ts6MGkhLuFQgrx1PXgL+4SqfciGNQ5aZ8cq+0TtX3MjsN/fAEqBi+bn9u/J0dQzfcxJIQ9kbcOGMmzSgkizw9CS4VJZeMXvmra9TWHa1ecWBaNlOdZD53G4SH6e1JQm64Tec5HS2VdpiQKZ7lcYTOiXD8VvIp/ZnBIVvSL/oWvhBkqGQUASxIAIkCuWP8VCCM6l/Wp6SiUXIUyjXEI2sX0J761A3UKyDyKAz9Z/47s3ZG9O7nenaR3oZVlfHSXUfN61sq6c8KIbT2UgOM2U9RtZlPNgeo9fgtRmYuMC1AIQXsNg1n3vN4S+JBCvEAhZO124rsgDNzClP3g9olbvcsoCnL2blG990ej68nY2Ydnjq1dFaZsp0Z97ULvd5QsttdMXJ9pKESVA1Q9t+OJS1eUYpRrHzJfvdoY+Po2ka7w9JW4wYSLNkOQIOQnBeCGvnA8BO4tDEguNJiMQARHcrEX/qClqrx3qIp82EJ1RIcNaDMEP9nnI5E7hAm38KsmWFgT8cqH1LIajQ1ARYcF19Yv0RQ0xajsvnURRZRQ7C4Zbdx5xMiqBxAWDT+XgCaAof8yxX5UGUgubJcIslBKi+g+UbXDyId9NnXFVOvNQr5Wv6WJ0fvJnrz95ZWoynb9vEixiQ0h9KGsY3J9/7tIT084EkslF7+nX/K0j9xxtxjKq6kQlhDpUiZwcc9st8XSxRAIoTSHuq1bzkfdtIzR8FxV2s12s62sgHLcPHnXbJdLnDZ7QK/T2CrNscMYXwbuTAF1T2tScItLtLRCeVA0t6DyfFkpNVhM/crgKTdW94Pem/TZmuuIpfZ+N0zFSFanJrT1fj+SjIF2pecGxj/vj4YXDXDxyXMp93QXlLlcbJGLm0v44HCyaqVeja9v0tmCbythct3WB9Rr4NPV4nS1NSnXMifdzaocspBG49BHvMIq6SZBs0qSrfPJDLwQylybvJC1XTOGHEDduZHn3uqO3beci9HItmxTG4+N4VVxo2CGSL7VFvDSBCasZK32z5egAblN9H8pWWIDT0v9paytzbEoAG5JsKiHLWVXFID2T60osDdNrmDcSRIs7l3cCtBtwrFW7p2qpuza2KQOqpCZ8e3iUpp/Teul+dcd5cx34enJ9K16+vrsrXp69o+36rvT6VR9/e6sDU/ewtdnr9tKyV/ClIZMnaqjwGE9yNoIbTx2jF794aZAyH4I64w+2TJrxeYvfynZTjzfJs3beqkX7e2tKnIuyqr2aCiFfnuLmhXgLpFM7DwH98cHdyj0z4Hw9R5Iw4CcH6iAceFceCXk4wMA5F/nB0mBsjxTcYd5hBF9OgebNLJMIGWny3Mgbj5otaoXG56fnr4+iEmBksSOSWfyQPgsz6VlC73zlD/5McryJEYgDCkSlRbNu7ekiaLW/XEuR3OxcBkvhIucX7mU14DsQ26BC7RZj3hGsv5VkKcyeaaqIXyk6hJHNOq4d0QtYCwAuq5IooixB9kum1s+q2yFhhRi4ekbRD48B0N4z2dJ/MhMXnnDphFOI+ELOvCikMJHynkr/5YTKme3POuS
0bVTICYnxxeB8MCLMYYhTT7XgSQaT2QbffMm9xdrgT2X//7rfo8F/5+Vzjh9B0NREFbYOOzRtc4OBv/zpDvnyN8qobvL5U7SuKsMbpW8/83ylqryTMjEo7zf53y36lfZ8A4+nW+v4/1mUU0prrJyrYTWAeXOnAXzitvUk6FtDPTErySKKqXUZjtkGi4imQ0xP6g5mK9HVytL+Sutf+D/ZTlfRprzpfrg+Oxt8+x18/jkXfP4jK0S6i2Bqvrc0f22DdQ/ALMHvqn565M3J2cpBplZxjbWLPTTaRzu5i0phYwUUHogfGj60GInOmPQs9iGb5tGlzuQ9jfeZDIJWviEnSQoRh4/+GR23Bq9soWEVM+kOmZrgxr7eLc2UoS2Au9u5yU1n0Oj67DJe87P5UopAsvTSLnfTnpOKb8pIzCGlm7aVcJ5TZY9cgba8KovC147jed9wOXd37kE4UbBhcbOSz8qaOHOoOphyCvy3EBNqrtkvYDyI4+87dXyFoWqj7Dy47ps4G4SjAJZ8+Qwinmk/jaic7CNNu7f30pGEgvAEJAl9NAUQR+gsBgCUPb0bAoCummvSTmZAta92bMDmdBU18PaV/X3LJeC4onbuxC+Tl3UNbldlsxHmfDbgbYG3ZP0FVXcJtSkaFHJshtqY+vDyE6uE6rrdYBmYxdTJOKqO1z6v0Azfj0yb7H7Vf/rmh23Vf4KR1MUwO33/O+BZ3dddDWeZMWtY3PEt1aR0Ft+vMrcQ+tmpkBibn553mU6rzLTsnAELSWfvlPFB9W9y2XjrHORVPBV94c6mJpbZdaCpbeBpADrasrWoth4JWwxMzUXpXlLulFIcRSMAzeE+fh/w9SZ4WHq/5oYpt5LnLTDUVo3zEuM6u1VEbnKn7s2Zqdw7dy1++DkfSZY8hynonAalRb7W4udtYbG8CrNKVodHIhbkZn+GbghmkJCewgXAlADbWhc6pbdM8xO+eS6kG1IURYapXasoweMRD9iGyh0ISaGdzCPFrDVSNPLWk3WWwlQLIhCw1bONiqSkYLkhK9RxJW79Cfr+Tz7sw7RjuA59Eym/9Fu1yNL68NqmuYCwELkD1RVLRtVeTtqu8mkigygG6UhL3WTkckbpWAu5aiRxlJqWtwojaSa/V+94c0u5nWlSWa3FF+prr9AIQdY11nZiKlAFIzMkl23trdNdl7GshxTqqzL7LzaBtf6pxvlgB1M1820+pilH0kXnRbTiHhuALHm+7mEo25/wkehTewRv6zEdLRer5AWmS9pZ22ZmSk0hJsiVX24DKIntvk0n9xFcJCvmydffxZDMnrvv8rcgsaGK3Ky2P/XmQIaG0ms78iC3g49iTt1vqc3Et8WxlS8H+h7MMvriXLI0yuKvgctnmUIi5fn7IU1lS6ta3SjMIQejUqCpXV5xeRQ79oj0+maOr+aQ+tbncYh/96AKVCebxQpGP6NwsT8/5Ab5RVInoqLkYpvkmubik+LlzUV3wkndg9hTuSTHvrLCIV0ggMBl/hzgmiGwuYCeTgi0ZRGYYBCnuV0o7y6SS9ckheHr8Wy4O/5OsjSpGoJucLucp7ccZQQnaCZsZfNBxT60QNphpBKHORLMEh72IUIL8Iwj+f87enpa4ls5gYB3MAR+b4ykMV3UdC6UVYKUDYpgI2vxaplIOmK4PDFtZc/wT2A9tFB7SWOd/AJYOKen7bfnclbHcPIh6RwuePrszficscopmv8bq6H2D4i1gEDbS7hQlz1uEsD9ky0SG5/7EyslmV3ulqr37lHmMZukHhxR5UHk/KT7rD0RKlZktf6p07jUPJor2E9yO++KS1x3bT3Q5gN+yGZoCLK7TtREeG2TQhDn7z/2lirmrjmW0dCVZUO3QV8/7WkR/fCwThQJUg37b2w3MGnCpJr/dNmHJkKZ6t7HAXIeyppcJ5+I3KUdpkKhkddckTbZgKnau/911ZeeZNWeSG3ClfdkVYtu+spzcZ4NZ70eIVq+f6Gxoj7pBqy
MH1kcU9+zcUNhbucn13u7ySvZst4Vb1tIS1jSBzTyYULafmDUp+I7lEM1BCI+LHwT4ElM8kaw49Gz9Ccnml81E2R73Ve9zBN8c0ZhBXz7w04bnNLQSZHA6XRtU0ndQ70+0530NuvUzBbxkkNfAuGFD/xjaFJ5onXSSnT1Wn8UniU8A9DKlLa22vYlFkxl2neddL31XgCRDHyK264onBW+DKlaiI1G7YYjVWu7KjJDlkzTQTgBTfzQ+8bJ6tSk5NNjixo+b75SWYB/K+ZBln7gxfoG1ku8fEUgd3v6E+KMTOdkkua4KMf8pr4tJjfjqLgDuUuQOHONQE0ZuY3oTD0eJpFGtQtX+AeEa6qwogCEi95DaUPXAroHBFA0QI2AblDy6UsQy+ovFL1wHHB2bvRPSSK+9W0hkmNgeq1iz6hDfO2HvfrdjtBThboT0B48gYEvvTt74LtG76agTu5xKxZT4sAhXd2pAVBj3872JCdGivhzu/bETaOdnmHggColnH1YTJeW1iXH32iOvLFgAWls0d/Yunt2Zm4Y+TeDZDvUrh+Sz5ERDMHZ6dHjEW134+Y93Fu9cGuEeIXL+TSmi1jqaoAW9bQ55fVlBfRzjL6MEfePCfc+ZH9wkZUU4RmDQzH1K1J364vaxJjKS6ao+oE7o6mwQegWzYPhJeRShFm6CxbsydWskXIYWQv2P5QM54cnKBHxv3CaWSOBgAR4EUYx0sK/bpQX3VjMIaXI8ccDZzuyDQnY1vvbfh6v123lFT95xBUROIhwndMqU5RCJXKVTl/qhDntcWlcZUj3zEunaGu98TFMslNLHsVVmSUNiv7Q0XYq3zZGXl1eSug+qz6Xce7HsR3JqS07BWgrItuVSB3XerF+7usD9UIZ0+8411FS0DIvFSqLMviLOtDzmNbCc9m3trUVs1uc92Y8rU+BJ7ZZWvCb1v6qsbitjY4KBXnVq7OzG2TvOjG/OT0hpbDvxHzt5odMvnalG0db8knuyuE5nPpuzIAUJkPGRJIOMqTc5PAgOvhupwCwWmXenOD2wtJPq8KlB+b2Q0VSt1jL6x97MPaxzHJP96XyaKeWdR9dV1vDpOLuc+BctxeyGK1fAp0OtZkqM2En8U86HwWs7rpstxKcuN/pnnDNP/PmCuhCuvq87KNceGTUUyXMc3uEwDqB5BeJsC3NVUNI/F1hcqPClDVhfuoMvsGvPlLbhk4yYnMUfGotubCgJCPTPN9TDqHuTsHlven7GFSO9vIhrv3VQag1QKKkrvQIL3MQPShiDsDc5T8vXOYe12g6mxnqs6+maqzzVSdlaiSIHjWaRwal1bnFfgpTcTINf/84+8r5QjUFA2lCOoLgmRpoc+vGlO5R19Fy07WDNCoWO+t1JZGJyXexRS2OoR1X9a9Ojj4QR9d/r8AAAD//2OpGGpAhQAA -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line149.sh
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line314.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line314.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line328.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG+NoFabricManager/line328.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/CustomData index 4f56bfee572..5ab31348c74 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
 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
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line127.sh
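Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into both `sed -i 's/...'"${golden_timestamp}"'/g'` replacement strings and therefore into the apt source URL, so a value containing `/`, `&` or a newline either aborts the edit under `set -e` or rewrites sources.list into something other than a snapshot path, and whoever can set that annotation controls where this host pulls packages from. The script's own second `sed` already assumes the `YYYYMMDDTHHMMSSZ` shape, so enforce it right after the empty check: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. `${node_name}`, `${source_list_path}`, `${source_list_backup_path}` and `${cloud_cfg_path}` should also be double-quoted where they are passed to kubectl, sed, cat and `cfg_set_option`. This fixture appears to be rendered from an artifact script elsewhere in the tree; the fix belongs there and the fixture would then be regenerated.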
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line149.sh
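Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the line142.sh hunk leaves /var/lib/kubelet world-writable with no sticky bit, so any local account can create, rename or remove entries in the directory that holds the kubelet's kubeconfig and pod volume trees; if a wider mode is genuinely required by some consumer, say which one in a comment and narrow the grant to that user or group, otherwise drop the line. The `#` comment above `MOUNT_POINT=` is empty and should either explain why the data is relocated under /mnt/aks or be removed. The first-run branch (`mv "$KUBELET_DIR" "$MOUNT_POINT"`) will fail under `errexit` if the sentinel is lost while `${KUBELET_MOUNT_POINT}` already exists and is non-empty, which is presumably the intended stop but deserves a comment. This fixture appears to mirror an artifact script elsewhere in the tree; the fix belongs at its source.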
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
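Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` passes a three-line string as the grep pattern, and `grep -qxF` treats each line of it as a separate pattern that succeeds on any match, so the block is skipped when only one of its lines (for example `up sleep 5`) already appears in the file, and is appended again on reruns when none does; checking for the one distinctive line instead, e.g. `grep -qF 'dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf' "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`, gives the idempotence the helper name promises. `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` should be double-quoted, and `sudo ifdown eth0 && sudo ifup eth0` is redundant when the oneshot unit already runs the script as root. This fixture appears to mirror an artifact script elsewhere in the tree; the fix belongs at its source.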
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line215.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line215.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line222.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line222.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line222.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line229.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line229.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line229.sh
+++ /dev/null
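Review bot: the `-z` guard on `podSubnetAddr` (and the implicit one on `bridgeName`) does not catch what `jq -r` emits when the key is absent, which is the literal string `null`, so a conflist without `.ipam.subnet` reaches `ebtables ... --ip-src null` instead of the intended early exit; use `jq -r '... // empty'` in the three `jq` lines or extend the test to `if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == "null" ]]; then`. The results of `ebtables -t filter -N` and the three `-A` calls are never checked, so a partially created chain is left behind and the `-L AKS-DEDUP-PROMISC` probe at the top then reports it as already set on every later run; a `set -e` at the top, or `|| exit 1` on each rule, would make the service restart and finish the job. `${bridgeName}`, `${bridgeIP}`, `${bridgeMAC}` and `${podSubnetAddr}` are interpolated unquoted into paths and rule arguments, and the three `cat file | jq` pipelines can be `jq -r '...' /etc/cni/net.d/10-containerd-net.conflist`. This fixture appears to mirror an artifact script elsewhere in the tree; the fix belongs at its source.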
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line308.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line308.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line308.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line308.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line322.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line322.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line322.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line322.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line91.sh
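Review bot: the value written to /etc/hosts comes from an IMDS tag with no check that it is an IP address, and `sudo sed -i "/$clusterFQDN/d" /etc/hosts` uses the FQDN as an unanchored regex in which each `.` matches any character, so unrelated hosts lines can be deleted and an arbitrary tag value becomes a hosts entry; validate the shape before use, e.g. `[[ "$clusterIP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and escape and anchor the FQDN for sed (`fqdn_re=${clusterFQDN//./\\.}` then `"/ ${fqdn_re}$/d"`). `[ -z $clusterIP ]`, `<<<$i` and `echo $tagKey` are unquoted, and `cut -d":" -f2` silently truncates any tag value containing a colon. This fixture appears to mirror an artifact script elsewhere in the tree; the fix belongs at its source.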
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/CustomData
index 954591253ea..c8ba47595e3 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-
+
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
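Review bot: The exit status of each `nvidia-smi mig -cgi` call in the case arms is never checked, so the trailing `nvidia-smi mig -cci` runs even when GPU-instance creation failed, and the unit that launches this script (Restart=on-failure in the preceding line105.sh hunk) only sees a failure if `-cci` itself fails. Adding `set -e` after the shebang, or `|| exit 1` on each `-cgi` line, would make a failed partition visible to systemd. The same content appears in the Teleport fixture's line112.sh hunk further down; these testdata files look generated, so the fix presumably belongs in the source script they are rendered from.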
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line127.sh
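Review bot: `golden_timestamp`, read from a node annotation, is spliced unvalidated into two `sed` replacement strings and into the apt snapshot URL, while the second `sed` expression only recognises the `[0-9]{8}T[0-9]{6}Z` form, so a value of any other shape silently produces a broken sources.list. A guard right after the empty check would catch this: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp: ${golden_timestamp}"; exit 1; }`. `cfg_set_option` likewise interpolates `$option` and `$value` into a sed script unescaped; it is only called with constants here, which is worth a comment on the function. The same script appears in the Teleport fixture's line120.sh hunk and on the removed side of the line127.sh hunks; the fixtures look generated, so the change presumably belongs in the source script they are rendered from.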
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line149.sh
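Review bot: `chmod a+w "${KUBELET_DIR}"` at the end of the new line142.sh fixture leaves /var/lib/kubelet world-writable after the bind mount; the kubeconfig that other fixtures on this page read from /var/lib/kubelet/kubeconfig and the credential-provider directory under it then live in a directory any local user can create files in. If a specific consumer needs write access, the line deserves a comment naming it; otherwise a narrower mode, or no chmod at all since `mv` keeps the directory's original permissions, would be safer. The same content is on the removed side of the following line149.sh hunk; the fixture looks generated, so the change presumably belongs in the source script it is rendered from.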
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line314.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line314.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line328.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MIG/line328.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line91.sh
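Review bot: The value returned by `get-apiserver-ip-from-tags` is written straight into /etc/hosts without checking that it is an IPv4 literal, and the `[ -z $clusterIP ]` test is unquoted, so a tag value containing whitespace makes the test itself error instead of being skipped. Replacing that `if` block with `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }` covers both. `grep -q "$clusterIP $clusterFQDN"` also treats the dots as regex wildcards; `grep -qF` matches the literal line. The same script is on the removed side of the following line91.sh hunk; the fixture looks generated, so the change presumably belongs in the source script it is rendered from.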
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/CustomData
index 954591253ea..c8ba47595e3 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744"
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line127.sh
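Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into both `sed -i` replacement strings at the top of this hunk and into the apt snapshot URL, so a value containing `/` or `&` corrupts sources.list instead of failing. The second sed already encodes the expected shape; checking it up front, `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp"; exit 1; }` right after the empty check, keeps a malformed annotation from rewriting the package source. This file is a generated testdata snapshot, so the change belongs in the template script it is rendered from; the identical hunk for the runcshimv2 line120.sh has the same issue.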
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line149.sh
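Review bot: `chmod a+w "${KUBELET_DIR}"` at the end of the line142.sh hunk makes /var/lib/kubelet world-writable with no sticky bit, so any local account on the node can create, rename or remove entries in the kubelet state directory. If a non-root consumer needs write access, a group grant or a narrower subdirectory is the safer shape, e.g. `chmod 0755 "${KUBELET_DIR}"` here plus a targeted `chown`/`chmod` on the specific path that needs it. This file is a generated testdata snapshot, so the change belongs in the template script it is rendered from.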
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+MotD/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line91.sh
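Review bot: `clusterIP` comes straight from the IMDS `aksAPIServerIPAddress` tag and is written into /etc/hosts without being checked as an address literal, and the guard `if [ -z $clusterIP ]` is unquoted, so a value containing whitespace breaks the test instead of being rejected. Replacing that guard with `if [[ ! "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then` keeps anything that is not an IPv4 literal out of the hosts file and fixes the quoting in one step (an IPv6 form would need a second pattern if that is ever expected here). The `sudo sed -i "/$clusterFQDN/d" /etc/hosts` line also treats the FQDN as a regex, so its dots match any character; escaping them, or matching the literal with `grep -v -F` into a temp file, is more precise. This file is a generated testdata snapshot, so the fix belongs in the template script it is rendered from.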
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line105.sh 
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line127.sh
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line149.sh 
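Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the line142.sh hunk leaves /var/lib/kubelet world-writable with no sticky bit, so any local account can create or replace entries under the kubelet data directory after the bind mount. If a non-root consumer genuinely needs write access, grant it through ownership or a dedicated group (`chown root:<group-placeholder> "${KUBELET_DIR}" && chmod 0775 "${KUBELET_DIR}"`); otherwise the line should be dropped and a comment should state why the mode is relaxed. The `mv` guarded by `SENTINEL_FILE` also has no comment explaining that the sentinel marks a one-time relocation of the directory. This appears to be a generated fixture; the same content recurs in the AKSUbuntu1804+CustomCATrust/line142.sh hunk.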
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
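Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` passes a three-line string to `grep -qxF`, which treats each line as a separate pattern, so the whole stanza is skipped whenever any single one of its lines already exists (for example a pre-existing `iface eth0 inet6 auto`), and a partially written stanza is never completed. Checking for a single unambiguous marker line instead, such as appending `# aks-dhcpv6` together with the stanza and testing only that line, would make the idempotence check match its intent. The `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` arguments are unquoted, and `sudo ifdown eth0 && sudo ifup eth0` hard-codes the interface name; a comment stating the eth0 assumption would help. This looks like a generated fixture; the same content appears in the AKSUbuntu1804+CustomCATrust/line163.sh hunk.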
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line222.sh +++ /dev/null 
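Review bot: `bridgeName`, `bridgeMAC`, `bridgeIP` and `podSubnetAddr` are expanded unquoted into the `ebtables` arguments and into the `/sys/class/net/${bridgeName}/address` path, and the CNI conflist is read through `cat ... | jq` three separate times for three fields of the same bridge object. Reading them once, e.g. `mapfile -t cfg < <(jq -r '.plugins[] | select(.type == "bridge") | .bridge, .promiscMode, .ipam.subnet' /etc/cni/net.d/10-containerd-net.conflist)`, and quoting every expansion would make the script shorter and ShellCheck-clean. The opening `ebtables ... 2>/dev/null` followed by `if [[ $? -eq 0 ]]` reads more directly as `if ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null; then`. This appears to be a generated fixture, so the change belongs in the source script.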
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line315.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line315.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line329.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+NSeriesSku/line329.sh rename to pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line84.sh index e69de29bb2d..84d8f8077d9 100644 
--- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line91.sh 
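Review bot: `clusterIP` comes from the IMDS `tags` endpoint and is written into /etc/hosts after only an emptiness check, and that check, `[ -z $clusterIP ]`, is unquoted, so a value containing whitespace makes `test` error out rather than fail closed. Validating the shape before the `grep`/`sed`/`tee` block, `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, keeps a malformed or unexpected tag value out of the hosts file. The `sed -i "/$clusterFQDN/d"` pattern uses the FQDN unescaped, so its dots match any character; a comment noting this is acceptable for a hostname, or escaping the dots, would avoid surprises. `cut -d":" -f2` on each tag also assumes an IPv4 literal, which a one-line comment should state. This looks like a generated fixture; the fix belongs in the source script.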
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/CustomData b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line149.sh 
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+PrivateACR/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line91.sh
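Review bot: `clusterIP` comes from an instance tag read over IMDS and is appended to /etc/hosts via `sudo tee -a` without any check that it is an IP address, and the preceding `if [ -z $clusterIP ]; then` is unquoted, so a tag value with whitespace is both mis-tested and written into a file that every resolver on the node trusts. Validate the value before touching the file, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote the test as `if [ -z "$clusterIP" ]; then`. `sudo sed -i "/$clusterFQDN/d" /etc/hosts` also treats the FQDN as a regex, so its dots match any character and can delete unrelated lines; the script runs with `nounset` but not `errexit`, so a failed `sed` is silently followed by the append. This is generated testdata mirroring the reconcilePrivateHosts artifact, so the fix belongs in the source script.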
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/CustomData
index 954591253ea..c8ba47595e3 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/CustomData
@@ -37,7 +37,7 @@ write_files:
encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line127.sh
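Review bot: `golden_timestamp` is read from a node annotation and spliced verbatim into two `sed -i` replacement strings applied to /etc/apt/sources.list and into the `kubectl annotate` value, guarded only by an emptiness check; the second `sed` already assumes the `[0-9]{8}T[0-9]{6}Z` shape, so a value containing `/`, `&` or a newline corrupts the sed expression or the sources list instead of being rejected. Enforce that shape right after the `-z` check, `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format, skip live patching"; exit 1; }`. The sources.list rewrite also happens before `apt_get_update` is known to succeed, and the backup is only written when the content differs, so a failed update leaves the file pointing at the snapshot host; restoring `${source_list_backup_path}` on that failure path would make the script safe to re-run. This is generated testdata mirroring the ubuntu-snapshot-update artifact, so the fix belongs in the source script.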
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
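Review bot: The idempotency check in `add_if_not_exists` does not work for the multi-line `NETWORK_CONFIGURATION` block: `grep -qxF "${1}"` treats each newline-separated line of the argument as a separate pattern, so the check passes as soon as any one of the three lines (for instance a bare `iface eth0 inet6 auto` already written by cloud-init) is present on its own, and the `dhclient -1 -6 ...` line is then never appended. Matching on the distinctive line instead, e.g. `grep -qF -- "dhclient -1 -6 -cf ${DHCLIENT6_CONF_FILE}" "${2}"`, or checking only the block's first line with `grep -qxF -- "${1%%$'\n'*}" "${2}"`, gives a reliable test. Under `set -u` the unquoted `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` arguments should also be quoted, and `sudo` is redundant for a script started by a systemd unit that sets no `User=` (the unit shown on the previous hunk). The shell functions here end inside the hunk, but the script is rendered test data and the fix belongs in the template it is generated from.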
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+Teleport/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line91.sh 
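Review bot: The value written to /etc/hosts is taken from the VM's IMDS tags with no check that it is an IP address, and `$clusterFQDN` is spliced unescaped into `sed -i "/$clusterFQDN/d"` where its dots are regex wildcards, so a malformed or attacker-controlled `aksAPIServerIPAddress` tag (anything allowed to write tags on the VM or scale set can set one) lands verbatim in the API-server hosts entry, and the delete can also remove unrelated lines that happen to match the pattern. A guard before the `grep -q`, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, together with an anchored delete such as `sed -i "/[[:space:]]${clusterFQDN//./\\.}\$/d" /etc/hosts`, keeps the file well-formed. Note also that `cut -d":" -f2` keeps only the second colon-separated field, so a tag value containing colons (an IPv6 literal) is silently truncated, and `[ -z $clusterIP ]` should be quoted. This is rendered test data; the fix presumably belongs in the template the snapshot is generated from.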
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/CustomData b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
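Review bot: `MIG_PROFILE=${1}` accepts an empty argument, and the unit that invokes this script (previous hunk) passes `${GPU_INSTANCE_PROFILE}` without declaring any `EnvironmentFile=` or `Environment=` for it, so unless that variable is injected by a drop-in outside this view systemd expands it to an empty string, the `*)` arm exits 1, and `Restart=on-failure` with no `RestartSec=` respins the unit in a tight loop. Making the argument mandatory with `MIG_PROFILE=${1:?usage: mig-partition.sh <MIG1g|MIG2g|MIG3g|MIG4g|MIG7g>}` gives a clear journal message instead. The trailing `nvidia-smi mig -cci` also runs even when the preceding `-cgi` call failed, so the script should either `set -e` after the shebang or check each `nvidia-smi` call's status before continuing.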
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line127.sh 
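Review bot: `golden_timestamp` is read from a Node annotation and spliced unvalidated into two `sed -i` expressions and, through them, into the `https://snapshot.ubuntu.com/ubuntu/` path in /etc/apt/sources.list, after which the script runs `apt_get_update` and `unattended-upgrade` as root; a value containing `/`, `&` or `\` breaks the substitution, and any other string becomes part of the APT source URL. Since a kubelet's own credentials can ordinarily update annotations on its own Node object, anything holding /var/lib/kubelet/kubeconfig could steer the node's package source (APT signature checks should still apply, so this is mainly a rollback/availability concern, but it should fail closed). The second `sed` already assumes the `YYYYMMDDTHHMMSSZ` shape, so enforcing it up front right after the empty check, `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}" >&2; exit 1; }`, is consistent and cheap. Like the other scripts on this page this is rendered test data, and the fix belongs in the template it is generated from.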
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
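Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not check what it appears to: `grep -F` treats each newline-separated line of the pattern as a separate pattern, so the three-line stanza is reported as "already present" whenever any single one of its lines (e.g. `    up sleep 5`) already occurs in 50-cloud-init.cfg, and is appended in full otherwise. For a multi-line block the idempotency check should key on the stanza header only, e.g. `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` in `sudo ifdown eth0 && sudo ifup eth0` is redundant when launched from the root systemd unit and fails outright if sudo is not installed; drop it.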
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line215.sh 
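Review bot: `Restart=on-failure` with `RestartSec=2` is what makes this unit poll until ensure-no-dup.sh finds the CNI config and bridge (the script exits 1 until then), but the default start-rate limit of five starts in ten seconds will mark the unit failed after roughly the fifth quick failure, so on a node where containerd's CNI config takes longer than about ten seconds to appear the rules are never installed. Add `StartLimitIntervalSec=0` under `[Unit]` (or raise `RestartSec=`) so the retry loop is unbounded by design. The unit also has no `[Install]` section; ebtables rules do not persist across reboots, so unless cse starts this unit on every boot (not visible here) it needs `[Install]` with `WantedBy=multi-user.target` like the sibling units.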
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Containerd+runcshimv2/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line91.sh 
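Review bot: `clusterIP` is taken from the IMDS tag value and written straight into /etc/hosts and into the `sed -i "/$clusterFQDN/d"` step without any check that it is an IP address; the tag is presumably set by the control plane, but a stray `/`, space or regex metacharacter in the value corrupts /etc/hosts or the sed expression, and `[ -z $clusterIP ]` is unquoted so a value containing whitespace errors out instead of being skipped. Validate before use, e.g. `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote the test. `grep -q "$clusterIP $clusterFQDN"` treats the dots as wildcards, so `grep -qF` is what is meant, and the `sudo` calls are redundant from the root unit that launches this script.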
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line98.sh 
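Review bot: The unit does not supply `KUBE_API_SERVER_NAME`, which reconcilePrivateHosts.sh reads under `set -o nounset`; unless a drop-in or `EnvironmentFile=` outside this diff provides it, the script exits at once with an unbound-variable error and `Restart=on-failure` turns that into a restart loop that eventually trips the start-rate limit. If the value lives in `/etc/default/kubelet` like the kubelet unit's flags, declare the dependency here with `EnvironmentFile=/etc/default/kubelet`. Confirm where the variable is set before changing this.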
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/CustomData b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
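Review bot: The ExecStartPre test `mount | grep "/var/lib/kubelet" | wc -l` matches any mount whose path merely contains that string, including pod volume submounts under /var/lib/kubelet/pods, so after a kubelet restart on a node with mounted volumes it reports the bind mount as present even when /var/lib/kubelet itself is not a mount point, and the following `--make-shared` then acts on the parent filesystem's mount. `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` expresses the intent without the substring match. The `-` prefix on the ebtables/iptables listings correctly keeps them diagnostic-only, and failing `ensure_imds_restriction.sh` blocking kubelet start is the right fail-closed behaviour.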
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
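Review bot: The MIG unit has no `ConditionPathExists=/usr/bin/nvidia-smi` (or equivalent driver condition), so on a node without the binary `ExecStartPre=/usr/bin/nvidia-smi -mig 1` fails and `Restart=on-failure` retries until the start-rate limit marks the unit failed; it is presumably only installed on GPU SKUs, but the condition makes that explicit and cheap. `${GPU_INSTANCE_PROFILE}` has no visible source (`EnvironmentFile=`/drop-in) in this diff, and an empty value makes mig-partition.sh exit 1 with "not a valid GPU instance profile", feeding the same restart loop. Since partitioning is a one-time action rather than a daemon, `Type=oneshot` with `RemainAfterExit=yes` would also describe the unit more accurately than the default `Type=simple`.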
diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line119.sh +++ /dev/null 
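Review bot: Each `nvidia-smi mig -cgi …` exit status is discarded, so a failed GPU-instance creation is still followed by `nvidia-smi mig -cci`, and the script's result is whatever that last command returns, which leaves the driving unit's `Restart=on-failure` blind to the real failure. Add `set -euo pipefail` after the shebang and quote the argument, `MIG_PROFILE="${1:-}"`, so an unset profile hits the `*)` branch cleanly. A short header comment stating what the numeric profile ids in each branch stand for would help the next reader; they are presumably A100 GPU-instance profile ids, confirm against `nvidia-smi mig -lgip`.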
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line127.sh 
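Review bot: `golden_timestamp` comes from a Node annotation and is spliced unvalidated into the `sed -i` replacement text and hence into the apt mirror URL; the first `sed` breaks or misbehaves on any `/`, `&` or newline in the value, and whoever can write that annotation (typically including the node's own kubelet credential) can steer apt to an arbitrary path under snapshot.ubuntu.com. The second `sed` already assumes the `YYYYMMDDTHHMMSSZ` shape, so enforce it up front, right after the empty check: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. The same check should be applied to `current_timestamp` before it is compared, and the expansions `${source_list_path}`, `${cloud_cfg_path}` and `${node_name}` should be quoted for consistency with the rest of the script.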
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
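Review bot: The timer is installed with `WantedBy=multi-user.target`; the conventional anchor for `.timer` units is `WantedBy=timers.target`, which is what `systemctl enable` of a timer is expected to produce and what ties it to the timer subsystem rather than the generic runlevel target. With `OnBootSec=10min` and `OnUnitActiveSec=10min` the oneshot service it fires can block indefinitely while it waits for `/var/lib/kubelet/kubeconfig`; systemd will not start a second instance while one is active, so this is a silent hang rather than a pile-up, but a `TimeoutStartSec=` on the service would surface it.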
--- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line149.sh 
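Review bot: The guard `if [ ! -e "$SENTINEL_FILE" ]` only proves the sentinel is absent, not that `${KUBELET_MOUNT_POINT}` is; if the sentinel is ever lost while `/mnt/aks/kubelet` still exists, `mv "$KUBELET_DIR" "$MOUNT_POINT"` nests the live directory as `/mnt/aks/kubelet/kubelet` and the subsequent bind mount hides it. Test the destination too: `if [ ! -e "$SENTINEL_FILE" ] && [ ! -e "$KUBELET_MOUNT_POINT" ]; then`. The closing `chmod a+w "${KUBELET_DIR}"` also leaves the kubelet's state directory world-writable; it needs either a comment naming the non-root writer that requires it or a tighter mode.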
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line163.sh 
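Review bot: Nothing orders this oneshot before kubelet.service, yet the kubelet unit in this same diff bind-mounts /var/lib/kubelet onto itself and marks it shared in ExecStartPre; if kubelet wins the race, bind-mount.sh moves a directory that is already a mount point. `Before=kubelet.service` under `[Unit]` closes that window. The combination `Type=oneshot` + `RemainAfterExit=yes` + `Restart=on-failure` is valid, but a comment noting that re-runs are safe only because of the sentinel file would help whoever edits the script next.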
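Review bot: The enabledhcpv6 unit orders itself with `After=network-online.target` but never pulls that target in, so the ordering is a no-op unless another unit wants network-online; add `Wants=network-online.target` alongside it so `enable-dhcpv6.sh`'s `ifdown`/`ifup` on eth0 runs against a configured interface. A trailing `#EOF` is harmless to systemd but is not a convention the other unit files in this diff follow, so either drop it or apply it consistently.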
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
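Review bot: Under `set -e`, a failure in any step of the `touch … && add_if_not_exists … && sudo ifdown eth0 && sudo ifup eth0` chain other than the final `ifup` does not abort the script: errexit only applies to the last command of an `&&` list, so a failed `add_if_not_exists` short-circuits the chain, the script still prints "Configuration complete" and exits 0, and the oneshot unit records success with no DHCPv6 configured. Write the steps as separate statements (each then subject to `set -e`), and drop the `sudo`, which is redundant from the root unit. The interface name `eth0` is also hard-coded in four places; hoisting it into one variable would make a differently named primary NIC a one-line change instead of a silent misconfiguration.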
diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line215.sh 
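Review bot: There is no `[Install]` section, so this unit cannot be enabled and only runs if cse starts it explicitly; since ebtables rules do not survive a reboot, that means the AKS-DEDUP-PROMISC chain is gone after any unplanned restart unless something outside this diff re-starts the unit at boot. Add `[Install]` with `WantedBy=multi-user.target` as the sibling units do. With `Restart=on-failure` and `RestartSec=2` driving the polling, `StartLimitIntervalSec=0` under `[Unit]` is also needed so the default five-starts-in-ten-seconds limit does not permanently fail the unit while the CNI config is still being written.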
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+CustomCATrust/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/CustomData b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/CustomData index 134b88c9f9c..c08ca59037f 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line149.sh @@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=false/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line84.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line91.sh
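Review bot: The `clusterIP` that the `while` loop appends to `/etc/hosts` via `sudo tee -a` is the raw second field of an IMDS tag returned by `get-apiserver-ip-from-tags`, and nothing checks that it is actually an IPv4 literal, so whoever can write tags on the VM/VMSS (presumably only the AKS resource provider, but the script cannot tell) controls what the API-server FQDN resolves to on every node. Validate before writing, e.g. `if [[ ! "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then echo "ignoring non-IPv4 aksAPIServerIPAddress tag"; sleep "${SLEEP_SECONDS}"; continue; fi`, which also replaces the unquoted `[ -z $clusterIP ]` test that misparses values containing whitespace. The idempotency check `grep -q "$clusterIP $clusterFQDN"` is a regex match, so the dots match any character and a stale or near-miss line can satisfy it; `grep -qFx` expresses the intended exact-line comparison. The same rendered script appears in the other fixtures of this diff; the fix belongs in the reconcilePrivateHosts.sh source template.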
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/CustomData b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/CustomData index a8427efb36c..4a2c97821b7 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - 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 +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line112.sh 
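Review bot: `ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}` depends on systemd expanding `${GPU_INSTANCE_PROFILE}`, but the new unit carries no `Environment=` or `EnvironmentFile=` line, so unless a drop-in or `systemctl set-environment` supplies it elsewhere (not visible in this diff) systemd expands it to an empty string, the script lands in its `*)` branch and exits 1, and `Restart=on-failure` with the default 100 ms `RestartSec` turns a missing setting into a tight restart loop. If the profile is known when the unit is rendered, pass it explicitly (`EnvironmentFile=/etc/default/mig-partition`, mirroring the `/etc/default/kubelet` pattern in the removed kubelet unit, or render the literal value) and add `RestartSec=` so retries are bounded. The unit also lacks `ConditionPathExists=/usr/bin/nvidia-smi`, so on an image where the driver is absent the failure surfaces only as an `ExecStartPre` error rather than a clean skip; this is a rendered fixture, so the change belongs in the source unit template.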
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
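Review bot: None of the `nvidia-smi mig -cgi …` calls in the `case` arms has its exit status checked and the script sets no `set -e`, so a failed GPU-instance creation falls straight through to `nvidia-smi mig -cci` and the unit's result reflects only that last command; a half-partitioned A100 would therefore be reported as success to the `Restart=on-failure` unit that runs it (visible here as the removed lines). Either add `set -euo pipefail` after the shebang or fail each arm explicitly, e.g. `nvidia-smi mig -cgi 19,19,19,19,19,19,19 || exit 1`, so systemd retries instead of moving on. The `#NOTE`/`#TODO` comments explain why mig-parted is not used but not what the numeric profile IDs (19, 14, 9, 5, 0) map to; a one-line comment per arm naming the MIG instance shape would help the next reader verify them against the driver docs. This is a rendered fixture; the fix belongs in the mig-partition.sh source.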
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line120.sh 
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line127.sh
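Review bot: `golden_timestamp` is read from a Node annotation and spliced unvalidated into both `sed -i` replacements that rewrite `/etc/apt/sources.list`; a value containing `/`, `&` or `\` breaks or alters the substitution, and any string at all becomes the path component of the snapshot.ubuntu.com URL that `apt_get_update` and `unattended_upgrade` then pull from. The second `sed` already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`), so enforce it once before the first `sed`: `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; fi`. Who may set annotations on the Node object depends on RBAC and the NodeRestriction admission plugin, which this diff does not show, so treat the check as defence in depth — apt's Release-file signature verification still bounds what a bad mirror path can deliver, but a wrong path silently stalls patching. The hunk begins on the previous line (the `unattended_upgrade` and `cfg_set_option` helpers are part of the same new file); this is a rendered fixture, so the change belongs in the ubuntu-snapshot-update.sh source template.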
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line149.sh
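Review bot: The last line of the new bind-mount script, `chmod a+w "${KUBELET_DIR}"`, makes `/var/lib/kubelet` world-writable without the sticky bit; because write permission on a directory governs unlink and rename of its entries regardless of file ownership, any non-root process on the node (a pod mounting that hostPath, for example) could remove or swap top-level entries such as `kubeconfig` or the `pki` directory, and the script gives no motivation — the `#` comment above `MOUNT_POINT` is empty. If a specific non-root consumer needs to create entries there, grant it by owner/group, or at minimum use `chmod a+wt "${KUBELET_DIR}"` so callers can only delete what they created, and fill the empty comment with the reason. Separately, `mv "$KUBELET_DIR" "$MOUNT_POINT"` nests into `/mnt/aks/kubelet/kubelet` if that directory already exists while the sentinel is missing (a reimaged OS disk with a persisted data disk is one way that could happen — an assumption); `mv -T` or a pre-existence check makes the first-boot path deterministic. This is a rendered fixture; the change belongs in the bind-mount.sh source template.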
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+Disable1804SystemdResolved=true/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line91.sh 
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/CustomData b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/CustomData
index 708eba045fb..be1683e4679 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+DisableCustomData/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/CustomData b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/CustomData
index a538d1e9197..b1b64a83866 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+HTTPProxy/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/CustomData b/pkg/agent/testdata/AKSUbuntu1804+krustlet/CustomData index 818c2dfbf57..a47df7e00bd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line105.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line112.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line119.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line120.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line127.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line127.sh 
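Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into two `sed -i` replacement strings on /etc/apt/sources.list and into the `kubectl annotate` argument, so a value containing `/`, `&` or whitespace either breaks the sed expression or points the apt source at an unintended snapshot URL. The second sed already encodes the expected shape, so validating once after the read, `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format: ${golden_timestamp}"; exit 1; }`, closes the gap cheaply. The `cfg_set_option ${cloud_cfg_path} ${option} ${option_value}` call and the `${source_list_path}` uses should be quoted for the same reason, and `cfg_set_option` itself interpolates `$option` into a sed pattern without quoting. The identical script is added under the ARM64Containerd+CustomKubeImageandBinaries directory as line120.sh; the note applies there too.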
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line134.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line141.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line142.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line149.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line149.sh @@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target 
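Review bot: `chmod a+w "${KUBELET_DIR}"` at the end of bind-mount.sh (line142.sh) leaves /var/lib/kubelet world-writable after the bind mount, and that directory holds the kubelet's kubeconfig (the snapshot-update script in this same change reads `/var/lib/kubelet/kubeconfig`) and pod volume data. If a non-root consumer genuinely needs to write there, granting it through ownership or a group (`chown`/`chmod g+w` on the specific subpath) is the narrower fix; otherwise the line can be dropped and the mode left as created by `mkdir -p`. A one-line comment above it naming which process needs the write access would let the next reader judge whether the broad mode is still required.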
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line156.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line163.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line170.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 
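Review bot: The `touch … && add_if_not_exists … && sudo ifdown eth0 && sudo ifup eth0` chain in enable-dhcpv6.sh (line163.sh) defeats `set -e`: a failure in any link other than the final `sudo ifup eth0` short-circuits the list without aborting the script, so `Configuration complete` is still printed. Writing the steps as separate statements, one per line, lets `set -e` stop at the first failure. `sudo` looks unnecessary if the script runs from the root oneshot unit it is paired with in line156.sh, and the interface name `eth0` is hard-coded in both the heredoc and the ifdown/ifup calls, which deserves a comment such as `# assumes the primary NIC is eth0 on this image`.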
--- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line208.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line215.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line222.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line222.sh +++ /dev/null 
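Review bot: `${bridgeName}`, `${bridgeMAC}`, `${bridgeIP}` and `${podSubnetAddr}` are expanded unquoted into sysfs paths and into the `ebtables -A` rule arguments in ensure-no-dup.sh (line215.sh), and `bridgeName` comes from `jq -r`, which prints the literal string `null` if the bridge plugin entry lacks a `.bridge` key, so the script would then probe `/sys/class/net/null/address` instead of reporting the missing field. Quoting the expansions and treating `null`/empty as an error — `if [[ -z "${bridgeName}" || "${bridgeName}" == "null" ]]; then echo "no bridge name in conflist...exiting early"; exit 1; fi` — makes that path explicit. Stylistically, the three `cat … | jq` invocations on the same file could be one `jq` call taking the file as an argument, and `ebtables … 2>/dev/null` followed by `if [[ $? -eq 0 ]]` reads more directly as `if ebtables -t filter -L AKS-DEDUP-PROMISC >/dev/null 2>&1; then`.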
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line307.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804+krustlet/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line321.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+KubeletClientTLSBootstrapping/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804+krustlet/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line40.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line77.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line84.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line91.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line91.sh 
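Review bot: `clusterIP`, parsed out of an IMDS tag value in reconcilePrivateHosts.sh (line84.sh), is appended to /etc/hosts and used as a grep pattern without any check that it has the shape of an address, and the `[ -z $clusterIP ]` test is unquoted, so a value containing whitespace turns the test into an error rather than a skip. A format check before use, `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, keeps malformed tag data out of the hosts file, and `grep -qF` in place of `grep -q` makes the dots in the address match literally. Note also that `cut -d":" -f2` keeps only the first colon-separated field of the tag value, so an IPv6 address would presumably be truncated silently — worth a comment if only IPv4 is intended. The `sudo sed -i "/$clusterFQDN/d" /etc/hosts` line uses the FQDN as an unescaped regex, which is fine for hostnames but worth stating in a comment.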
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line98.sh b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804+krustlet/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/CustomData b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/CustomData index 52d9c5ea776..ba4daf84b9d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line105.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line112.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line119.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line120.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line127.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line127.sh 
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line134.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line141.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line142.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line149.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line156.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line163.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line170.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line208.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line215.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line222.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line307.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line321.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+NoArtifactStreaming/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line40.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line77.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line84.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line91.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line98.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/CustomData b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/CustomData
index 381ebff1cad..24b4473a423 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line105.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line112.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line119.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line120.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line127.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line127.sh
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line134.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line141.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line142.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line149.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line156.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line163.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line170.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line208.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line215.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line222.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line307.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line301.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line307.sh rename to pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line301.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line321.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line315.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804+NoneCNI/line321.sh rename to pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line315.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line40.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line77.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line84.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line91.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line98.sh b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+NoCustomKubeImageandBinaries/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/CustomData b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/CustomData index 954591253ea..c8ba47595e3 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/CustomData +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line105.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line112.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line119.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line120.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line127.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line134.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line141.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
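Review bot: The `[Install]` section of the new timer in line134.sh uses `WantedBy=multi-user.target`, whereas the conventional target for `.timer` units, recommended by systemd.special(7), is `timers.target`; change it to `WantedBy=timers.target`. The companion service in line127.sh has no `[Install]` section and no `Unit=` appears in the timer, so activation presumably relies on the two units sharing a base name, which is worth confirming once this fixture content lands in real unit files. Both fixtures also end without a trailing newline.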
--- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line142.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line149.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line149.sh 
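Review bot: The last line of the new bind-mount.sh, `chmod a+w "${KUBELET_DIR}"`, makes `/var/lib/kubelet` world-writable, and other hunks in this diff place `/var/lib/kubelet/kubeconfig` and `CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"` beneath it; a directory writable by everyone and without the sticky bit lets any local account create, rename or unlink entries at that level. If a non-root component really needs to write there, give it ownership, a group or an ACL on the specific subdirectory rather than `o+w` on the root of the kubelet state; otherwise drop the line, since `mkdir -p "${KUBELET_DIR}"` already creates the directory with the default mode. The reason for the chmod is not visible here, so if it stays, a comment naming the process that needs it is the minimum. These fixtures look generated, so the fix presumably belongs in the template; `AKSUbuntu2204+China/line142.sh` is an identical copy.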
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line156.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line163.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line170.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
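Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, and grep treats each newline-separated line of a `-F` pattern as a separate alternative, so the presence check passes as soon as any single line (for example an existing `iface eth0 inet6 auto` stanza) matches and the whole block is skipped, while the `-x` whole-line match on the indented `up …` lines is brittle to whitespace. Test one distinctive line and append the block as a unit instead: `grep -qF 'dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf' "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` on `ifdown`/`ifup` is redundant when the unit in the neighbouring hunk already runs this as root, and it fails outright on an image without sudo. These fixtures look generated, so the fix presumably belongs in the template; `AKSUbuntu2204+China/line163.sh` is an identical copy.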
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line208.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line215.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line222.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line307.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+krustlet/line307.sh
rename to pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804+krustlet/line321.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu1804+krustlet/line321.sh
rename to pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line40.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line77.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line84.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line91.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line91.sh 
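Review bot: `clusterIP` is whatever follows the first `:` in the `aksAPIServerIPAddress` VM tag fetched from IMDS, and it is written to `/etc/hosts` with no check that it is an address, so anyone able to set tags on the VM or scale set can repoint the API-server FQDN for every process on the node, and an IPv6 value would be silently truncated by `cut -d":" -f2`. Validate before the write, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "ignoring non-IPv4 tag value: $clusterIP"; sleep "${SLEEP_SECONDS}"; continue; }`, and quote `$clusterIP` in the `[ -z $clusterIP ]` test, which errors out on a value containing spaces. The `sed -i "/$clusterFQDN/d"` pattern is unanchored and the dots in the FQDN are regex wildcards, so a fixed-string match or a `^` anchor would avoid deleting unrelated lines. The `sudo` prefixes are redundant under a root systemd unit; these fixtures look generated, so the change presumably belongs in the template.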
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line98.sh b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/CustomData b/pkg/agent/testdata/AKSUbuntu2204+China/CustomData index c0b4743dbeb..82935128686 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+China/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null 
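Review bot: In the new mig-partition.sh every `nvidia-smi mig -cgi …` result is ignored and `nvidia-smi mig -cci` runs unconditionally, so a failed GPU-instance creation still ends with exit 0 and the unit (declared `Restart=on-failure` in the neighbouring hunk) never retries or surfaces the failure. Add `set -euo pipefail` after the shebang, or check each call, e.g. `nvidia-smi mig -cgi 19,19,19,19,19,19,19 || exit 1`, so that a partially partitioned A100 is reported rather than silently accepted. `MIG_PROFILE=${1}` is also unguarded: with no argument the `case` lands in `*)` with a message that does not say the argument was missing, so `: "${1:?GPU instance profile required}"` would make the contract explicit. These fixtures look generated, so the change presumably belongs in the template the fixtures are rendered from.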
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+China/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+China/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+China/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+China/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804ARM64Containerd+CustomKubeImageandBinaries/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+China/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+China/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+China/line84.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+China/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+China/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+China/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+China/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/CustomData b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/CustomData index ce0cc4daee5..5b55f9cef40 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line112.sh 
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line149.sh
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line215.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line215.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line222.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line222.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line222.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line229.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line229.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line229.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line307.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line307.sh diff --git a/pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line321.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu1804Containerd+RuncVersion/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line321.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/CustomData b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/CustomData index b1a32730282..63e7ead5d2a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line215.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line215.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line222.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line222.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line222.sh 
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line229.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line229.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line229.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line307.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+China/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line307.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+China/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line321.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+China/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line321.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/CustomData
index 2f537ad9c75..2d58bd8dde8 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-
+
 
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
 
 
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line314.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line301.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line314.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line301.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line328.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line315.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG+ArtifactStreaming/line328.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line315.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line77.sh index 01efed1dfe3..46a1ce3a3ea 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line77.sh 
@@ -1,2 +1,66 @@ -{} -#EOF +#!/bin/bash +set -x +mkdir -p /root/AzureCACertificates +certs=$(curl "http://168.63.129.16/machine?comp=acmspackage&type=cacertificates&ext=json") +IFS_backup=$IFS +IFS=$'\r\n' +certNames=($(echo $certs | grep -oP '(?<=Name\": \")[^\"]*')) +certBodies=($(echo $certs | grep -oP '(?<=CertBody\": \")[^\"]*')) +for i in ${!certBodies[@]}; do + echo ${certBodies[$i]} | sed 's/\\r\\n/\n/g' | sed 's/\\//g' > "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" +done +IFS=$IFS_backup + +cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/ +/usr/sbin/update-ca-certificates + +cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem + +action=${1:-init} +if [ $action == "ca-refresh" ] +then + exit +fi + +(crontab -l ; echo "0 19 * * * $0 ca-refresh") | crontab - + +cloud-init status --wait +repoDepotEndpoint="${REPO_DEPOT_ENDPOINT}" +sudo sed -i "s,http://.[^ ]*,$repoDepotEndpoint,g" /etc/apt/sources.list + +systemctl stop systemd-timesyncd +systemctl disable systemd-timesyncd + +chrony_conf="/etc/chrony/chrony.conf" +if [ ! -e "$chrony_conf" ]; then + apt-get update + apt-get install chrony -y +fi + +cat > $chrony_conf < "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" -done -IFS=$IFS_backup - -cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/ -/usr/sbin/update-ca-certificates - -cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem - -action=${1:-init} -if [ $action == "ca-refresh" ] -then - exit -fi -(crontab -l ; echo "0 19 * * * $0 ca-refresh") | crontab - - -cloud-init status --wait -repoDepotEndpoint="${REPO_DEPOT_ENDPOINT}" -sudo sed -i "s,http://.[^ ]*,$repoDepotEndpoint,g" /etc/apt/sources.list - -systemctl stop systemd-timesyncd -systemctl disable systemd-timesyncd - -chrony_conf="/etc/chrony/chrony.conf" -if [ ! 
-e "$chrony_conf" ]; then - apt-get update - apt-get install chrony -y +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done -cat > $chrony_conf < /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line98.sh 
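Review bot: In the new init-aks-custom-cloud.sh the certificate file name is taken straight from the wireserver response (`certNames[$i]`) and used as a path component under /root/AzureCACertificates with only a `.cer`→`.crt` substitution, so a name containing `/` or `..` would write outside that directory; reduce it to a basename and reject empty names before the redirect, e.g. `name=$(basename -- "${certNames[$i]}")`. The `curl` result is also never checked and the JSON is parsed with `grep -oP`, so a failed or partial fetch silently yields empty arrays and the trust store is left as-is without any error. Separately, `REPO_DEPOT_ENDPOINT` is interpolated into the sed replacement on `/etc/apt/sources.list` with no `set -u`, so an unset variable rewrites every repo URL to an empty string; guard it with `: "${REPO_DEPOT_ENDPOINT:?REPO_DEPOT_ENDPOINT must be set}"`. This hunk is garbled in the rendering (the chrony heredoc and the following file header are missing), so its exact end cannot be placed; the same content appears again in the AKSUbuntu2204+CustomCloud/line77.sh hunk, and both are fixtures rendered from a template where the fix belongs.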
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/CustomData b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/CustomData index e6a0c03071d..a15b8c79afc 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line119.sh +++ /dev/null 
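Review bot: None of the `nvidia-smi mig -cgi` calls in the new mig-partition.sh is checked and the script has no `set -e`, so a failed instance creation does not stop it; the final `nvidia-smi mig -cci` still runs and the script's exit status is whatever that last command returns, which may not reflect the earlier failure and so may not trigger the unit's `Restart=on-failure`. Add `set -euo pipefail` after the shebang, or append `|| exit 1` to each `-cgi` line, so a failed partition fails the unit. This is a rendered fixture; the change belongs in the mig-partition template.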
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line127.sh 
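Review bot: `golden_timestamp` is read from a node annotation and spliced unvalidated into the sed replacement that rewrites `/etc/apt/sources.list` (the two `sed -i` lines after `old_source_list=`), so whoever can set that annotation on the Node object decides what apt mirror URL the host ends up with, and any `/`, `&` or newline in the value also corrupts the sed expression. The second sed already assumes the `YYYYMMDDTHHMMSSZ` form, so enforce it before the first use: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. The same check then also bounds what is written back by the `kubectl annotate` at the bottom. This is a rendered fixture, so the change belongs in the snapshot-update template.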
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line149.sh 
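Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the new bind-mount.sh leaves /var/lib/kubelet world-writable with no sticky bit, and that directory holds at least the kubelet kubeconfig referenced elsewhere in this diff (and typically plugin sockets and pod volume data), so any local unprivileged process can create, rename or remove entries at its top level. If a non-root consumer genuinely needs write access, grant it through group ownership or on the specific subdirectory and record the reason in a comment; otherwise `chmod 0755 "${KUBELET_DIR}"` keeps the bind-mounted directory at its normal mode. The bare `#` line near the top also looks like a comment whose text was lost. This is a rendered fixture, so the change belongs in the bind-mount template.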
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
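Review bot: The `touch … && add_if_not_exists … && sudo ifdown eth0 && sudo ifup eth0` list in the new enable-dhcpv6.sh is not covered by `set -e`: errexit ignores a failure anywhere in an `&&` list except its final command, so if `ifdown` or either `add_if_not_exists` fails the rest of the list is skipped, the script still prints "Configuration complete" and exits 0. Run the steps as separate statements so each one aborts the script on failure. Also, `grep -qxF` with the multi-line `NETWORK_CONFIGURATION` treats each line as its own pattern, so the presence check passes if any single line already exists in the file — likely fine here, but worth a comment. The fix belongs in the template this fixture is rendered from.
```bash
echo "Configuring dhcpv6 ..."

# Separate statements so a failure in any step aborts under set -e
# (inside an && list only the last command is subject to errexit).
touch "${DHCLIENT6_CONF_FILE}"
add_if_not_exists "timeout 10;" "${DHCLIENT6_CONF_FILE}"
add_if_not_exists "${NETWORK_CONFIGURATION}" "${CLOUD_INIT_CFG}"
sudo ifdown eth0
sudo ifup eth0

echo "Configuration complete"
```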
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line314.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line301.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line314.sh
rename to pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line301.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line328.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line315.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+Containerd+MIG/line328.sh
rename to pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line315.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line77.sh
index 01efed1dfe3..46a1ce3a3ea 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line77.sh
@@ -1,2 +1,66 @@ -{} -#EOF +#!/bin/bash +set -x +mkdir -p /root/AzureCACertificates +certs=$(curl "http://168.63.129.16/machine?comp=acmspackage&type=cacertificates&ext=json") +IFS_backup=$IFS +IFS=$'\r\n' +certNames=($(echo $certs | grep -oP '(?<=Name\": \")[^\"]*')) +certBodies=($(echo $certs | grep -oP '(?<=CertBody\": \")[^\"]*')) +for i in ${!certBodies[@]}; do + echo ${certBodies[$i]} | sed 's/\\r\\n/\n/g' | sed 's/\\//g' > "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" +done +IFS=$IFS_backup + +cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/ +/usr/sbin/update-ca-certificates + +cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem + +action=${1:-init} +if [ $action == "ca-refresh" ] +then + exit +fi + +(crontab -l ; echo "0 19 * * * $0 ca-refresh") | crontab - + +cloud-init status --wait +repoDepotEndpoint="${REPO_DEPOT_ENDPOINT}" +sudo sed -i "s,http://.[^ ]*,$repoDepotEndpoint,g" /etc/apt/sources.list + +systemctl stop systemd-timesyncd +systemctl disable systemd-timesyncd + +chrony_conf="/etc/chrony/chrony.conf" +if [ ! -e "$chrony_conf" ]; then + apt-get update + apt-get install chrony -y +fi + +cat > $chrony_conf < "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" -done -IFS=$IFS_backup - -cp /root/AzureCACertificates/*.crt /usr/local/share/ca-certificates/ -/usr/sbin/update-ca-certificates - -cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem - -action=${1:-init} -if [ $action == "ca-refresh" ] -then - exit -fi -(crontab -l ; echo "0 19 * * * $0 ca-refresh") | crontab - - -cloud-init status --wait -repoDepotEndpoint="${REPO_DEPOT_ENDPOINT}" -sudo sed -i "s,http://.[^ ]*,$repoDepotEndpoint,g" /etc/apt/sources.list - -systemctl stop systemd-timesyncd -systemctl disable systemd-timesyncd - -chrony_conf="/etc/chrony/chrony.conf" -if [ ! 
-e "$chrony_conf" ]; then - apt-get update - apt-get install chrony -y +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done -cat > $chrony_conf < /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/CustomData b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/CustomData index 0482be09b75..307da4b97ad 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/CustomData 
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
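Review bot: None of the `nvidia-smi mig -cgi` arms in the `case` checks its exit status, so when instance creation fails the script still runs `nvidia-smi mig -cci` and exits 0, and the `Restart=on-failure` unit that launches it (the preceding line105.sh hunk) never retries. Adding `set -e` after the shebang, or `|| exit 1` on each `nvidia-smi mig -cgi` line and on the final `-cci` line, makes the failure visible to systemd. Quoting the selector, `case "${MIG_PROFILE}" in`, is the usual style (the case word is not split, so this is cosmetic). This file is a generated fixture, so the change belongs in the template it is rendered from.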
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line127.sh 
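Review bot: `golden_timestamp` is read from a node annotation and spliced, unvalidated, into two `sed -i` replacement strings and into the snapshot.ubuntu.com path written to /etc/apt/sources.list, even though the second `sed` already encodes the expected shape `[0-9]{8}T[0-9]{6}Z`; a value containing `/` or `&` corrupts the sed expression, and any other malformed value points apt at an unintended snapshot path and is then recorded by the final `kubectl annotate`. Reject it right after the empty check: `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "golden timestamp has unexpected format: ${golden_timestamp}"; exit 1; fi`. `cfg_set_option ${cloud_cfg_path} ${option} ${option_value}` and the `${node_name}` uses should be double-quoted for consistency with the rest of the script (style). This file is a generated fixture; the fix belongs in the template it is rendered from.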
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line149.sh 
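Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the new bind-mount.sh makes /var/lib/kubelet world-writable, and nothing in the script says which non-root principal needs to write into the kubelet state directory. If a specific user or group needs it, a group grant or an ACL on that principal is the least-privilege form; if the wide mode is genuinely required, a comment on that line such as `# a+w: <reason> — TODO confirm` should record why. Separately, `mv "$KUBELET_DIR" "$MOUNT_POINT"` runs under `set -o errexit`, so if /var/lib/kubelet does not exist on the first run the script aborts before touching the sentinel; a `mkdir -p "$KUBELET_DIR"` before the sentinel check would make it idempotent (presumably the directory normally exists by then — not verifiable from this fixture). This file is a generated fixture; the change belongs in the template it is rendered from.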
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line308.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line308.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line322.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomCloud+ootcredentialprovider/line322.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh 
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh 
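Review bot: `clusterIP` is whatever the IMDS `aksAPIServerIPAddress` tag value contains and is appended to /etc/hosts with no check that it is an IP literal, and the unquoted `[ -z $clusterIP ]` turns a value with whitespace into a test error rather than a rejection. Replace the `-z` test with a shape check, `if [[ ! "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then sleep "${SLEEP_SECONDS}"; continue; fi`, so only a plausible IPv4 address reaches `tee -a /etc/hosts`. `grep -q "$clusterIP $clusterFQDN" /etc/hosts` and `sed -i "/$clusterFQDN/d"` treat the dots in both values as regex wildcards; `grep -qxF` for the presence test, and escaping or anchoring the FQDN in the delete pattern, avoid touching unrelated hosts entries. The same script is duplicated in the AKSUbuntu2204+CustomCloud fixtures earlier in this diff, and both are generated from one template where the fix belongs.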
+++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/CustomData b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/CustomData index 0482be09b75..307da4b97ad 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line308.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line308.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line322.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomCloud/line322.sh rename to pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/CustomData b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/CustomData index 0482be09b75..307da4b97ad 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/CustomData 
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line149.sh 
+++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line149.sh @@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line163.sh index 7cc1e25064c..e13d68920d0 100644 
--- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line170.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+CustomLinuxOSConfig/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/CustomData b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/CustomData index b48c341aee7..448de6cd614 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/CustomData 
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line112.sh 
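Review bot: `ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}` relies on a variable that nothing in this unit defines (no `Environment=` or `EnvironmentFile=`), and systemd expands an unset specifier to the empty string, so mig-partition.sh would be invoked with no argument, fall into its `*)` branch, exit 1 and be retried by `Restart=on-failure` until the start rate limit trips. If the value is substituted at template render time it would help to say so in a comment, otherwise `EnvironmentFile=/etc/default/mig-partition` (or the file the template actually writes) should be added under `[Service]`. There is also no `After=` ordering, so `nvidia-smi -mig 1` may run before the driver is loaded; I cannot tell from this diff whether the provisioning script sequences that. Generated fixture — fix in the template.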
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
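Review bot: mig-partition.sh has no `set -e` and never checks the exit status of `nvidia-smi mig -cgi …`, so when GPU-instance creation fails the final `nvidia-smi mig -cci` still runs and its exit code becomes the script's, meaning a half-partitioned GPU is reported as success and the unit's `Restart=on-failure` never fires. Adding `set -euo pipefail` after the shebang fixes that, and `MIG_PROFILE="${1:-}"` keeps a missing argument routed to the `*)` branch instead of an unbound-variable abort. The file also ends without a trailing newline (`nvidia-smi mig -cci` at EOF); bash tolerates it, but since this snapshot is rendered from the template, the newline should be added there.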
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line127.sh 
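Review bot: `golden_timestamp` is read from a node annotation and spliced unescaped into a root-run `sed -i` replacement that rewrites /etc/apt/sources.list, so anyone able to annotate the node object (which, under NodeRestriction, includes the node's own kubelet credential used here via /var/lib/kubelet/kubeconfig) can inject `/`, `&` or newlines into the expression and point apt at an arbitrary mirror path before `unattended-upgrade` runs. Apt signature checks still apply, but a rogue mirror can serve old signed indices, and the sed expression itself can be broken. The second sed already assumes the `YYYYMMDDTHHMMSSZ` shape, so validating it up front right after the empty check is a one-liner: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. Quoting `"${node_name}"` in the kubectl calls would also be wise. Fix in the template rather than this generated fixture.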
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line149.sh 
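Review bot: `chmod a+w "${KUBELET_DIR}"` makes /var/lib/kubelet world-writable without a sticky bit, and this diff shows both the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`, used by the snapshot-update script) and `CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"` living under it, so any unprivileged local user can create, rename or unlink entries at that level. If some workload genuinely needs write access the reason should be stated in a comment and the mode narrowed (`chmod 1777` at minimum, so users cannot remove each other's or root's entries); otherwise `chmod o-w` would be the safer default. Separately, `mv "$KUBELET_DIR" "$MOUNT_POINT"` under `set -o errexit` aborts on a fresh node where /var/lib/kubelet does not yet exist, leaving the sentinel unset; a `mkdir -p "$KUBELET_DIR"` before the `if` makes the first run robust. This is a generated testdata snapshot, so the change belongs in bind-mount.sh's template.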
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line163.sh 
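Review bot: The bind-mount unit in the first hunk declares no `Before=kubelet.service`, and the kubelet unit elsewhere in this diff declares no `After=` on it, yet kubelet's own `ExecStartPre` bind-mounts /var/lib/kubelet onto itself when nothing is mounted there; if kubelet wins the race, bind-mount.sh's `mv "$KUBELET_DIR" "$MOUNT_POINT"` then moves a directory that is already pinned and in use. Adding `Before=kubelet.service` to `[Unit]` (and, if the mount is mandatory, `RequiredBy=kubelet.service` under `[Install]`) makes the ordering explicit. The ordering may already be enforced by the provisioning script's enable/start sequence, which is outside this diff, so please confirm before changing it. Generated fixture — fix in the template.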
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
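Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, and grep treats each newline-separated line of the pattern as a separate pattern, so the guard is satisfied if any one of `iface eth0 inet6 auto`, `up sleep 5` or the dhclient line already appears on its own in 50-cloud-init.cfg, not only when the whole stanza is present — a partially written file is never repaired. Keying the check on the first line only is unambiguous: `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` prefixes are redundant inside a root-run oneshot unit, and `eth0` is hardcoded; both are worth a comment if intentional. Generated fixture — the change belongs in enable-dhcpv6.sh's template.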
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line215.sh 
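Review bot: `Restart=on-failure` with `RestartSec=2` is being used as a polling loop (ensure-no-dup.sh, elsewhere in this diff, exits 1 while the CNI config or bridge is absent), but with systemd's default start-limit of five starts in ten seconds, five consecutive exit-1 runs two seconds apart will trip the rate limit and leave the unit failed, so the dedup rule may never be installed on a slow CNI bring-up. Adding `StartLimitIntervalSec=0` under `[Unit]` (or raising `RestartSec`) keeps the retries going. The exact limits depend on the distro's systemd defaults, which this diff does not show, so treat the threshold as approximate. Generated fixture — fix in the unit template.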
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+CustomKubeletConfig+SerializeImagePulls/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line77.sh 
+++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line91.sh 
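Review bot: `tagValue` comes straight from the IMDS `compute/tags` endpoint — i.e. from whoever can write tags on the VM or scale set — and is appended to /etc/hosts for the API-server FQDN without any check that it is an IP address, while `sed -i "/$clusterFQDN/d"` uses the FQDN as an unescaped regex whose dots match any character. Kubelet's TLS hostname verification should turn a bogus value into a denial of service rather than impersonation, as far as this script shows, but validating it avoids both the /etc/hosts corruption and the unquoted `[ -z $clusterIP ]` test: `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }` in place of the existing empty check. The tag split on `:` also means an IPv6 value would be truncated to its first hextet; if IPv6 API endpoints are ever expected that parsing needs a different delimiter. Generated fixture — the change belongs in reconcilePrivateHosts.sh's template.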
+++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/CustomData b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/CustomData index c0b4743dbeb..82935128686 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line149.sh
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation+CustomKubeletConfig/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/CustomData b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/CustomData
index c0b4743dbeb..82935128686 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + H4sIAAAAAAAC/+x9f3fbNrLo31efYsqwsZSGlO109/a5VW5VWUn1Yks6kpzuvsTVoUhIYk2RKgDKdhR+93cA8AdIgpJsp9vunrt7TtIIwGB+YWYwGIDPvmrOXL85s8iyVut0puPu6H2v0532+tPJ5bDVDNa0aX0KMWragU8t10eYNG3bWOPg7t4kCG9cG5muz8cOOu+6k0OHBvYNonxkvzftDPpvem+n571RS2siajdt3236iJqOxtt/6vXjRgaVNc5cX6s9mwzOB7AOPQ/o0iUQhBSCOdjBah34iPrE/I0EPtAg+B8O5nzwS/9i0D4fF4A5wa3vBZZDtFpn1OtMLtKeckfs2tRT9M2QCwlueoFteQK9zqA/aff63dG5euaELY4MdHTV7yi749C35Y7vvhsr+92EM4R9RBEp9h6Oeu/bk+502O68a7/tjqeddufn7p6hzTV2NxZFxtqyb6wFimGNum9748non9NRdzhoaQEhjGYLu4hIYLTa1U9X/cnVdNS96LbH3ZZe98hsipGHLILAwGCQRm0wbul1dw4eAS78F0bS4eQ1NB20afpMxKevn598D3SJfCABpmx0oftnWFi3N3C0sqi9rOvHL6H5a713Pr3oveu26naAUUAan3vnrbr5otHQmy/BasAW1tj1KdAgXK8RrlsfTq/B+vDquvE9oDuXQnT0PczdRm3c7VyNutPJxXj602AwGU9G7eH03dVP3YvuZNr9R7czHV5cvWXKUFYesRCoR2ZBQAnF1lo7HN777mjcG/Rb2ubYPDGPDctbLy3zVKtNuhfd4WA0Od8xM0UeWgeYOnnN7Z53+5Ne+2I6HA3e9867I7XKIwf51LW8NQ42roPwPiDZWthYuOm5M64MHpJhGQkwBQE71tLlcNDv9ifj6ZveRXfYnvycY2285n0q1rxWu2z3p+c/TdtXk8H0anjO9P7NRfutPDpBcWX5hjNrWiENjHDtWBRptc7V6GI6uJoMryatJl2tm3aIvekG4VlAkBmENNHswXjab192W5r4N5t4xNZ81hD/oNU6w6tpe9T5uaVpNQfZnoURGBb80h5fjn/uXQ575+NWvSE3jYe9PtOIpKlGEO0Mr9rYXtYbsK0BAKRQ9foibW3UoloNo1WwQZeWfz5rhzS44qS98azFG9dD6Xi8AmMO+j5+MYA2RhbdC5AGob08EKCHLD9cd1JLeO4xUCSHHJ6DXmVKGRDXJ9TyvAzILy5ddlJ9+L8k8FN4AWnp27zkIt7gzuHDBzA+gabnTZYG19fC6vB+KZDBOJJ+YJpB3MBvaXaIMfKpxhuRR5CyV4pEPEsk+s9d/hf/I3MPQ2F5W3r9t99BM4eJIQZNVywLDT4D7/fhGj4DQR6yad30rRWCVgs+ahncj1pDa8Dnz8LM6d3RaCrxObY6017/ffuid85xij1H0sZ1MuaeSy4tzMAOcJutyAvXD+9A44zS4Plzxl5N3/bG03ftSTvSGDIaxSGqYnCyjlj3vKxiLomlGnPjveAsYXOUOBcxVm0DkvydyCHmOv/jWaY/RwQ2CTgLY+seXALobo1sihygASytDYLA9+4h8BEgD62QT00BpjcHl8LSIrAKMAK6tHy510u4RXDreh7EassoB88iNOkBrs9/4zObknLq22dF/n/48ToCY0HhpMxEZC8D0H5pj/q9/tszSZ0g9uRFIitxNqEncHX9xR50c2q8B230Oxwz7dO3pfbj64jrxw/jd73ha62KuF7/zeAQypj4XLpEGNBqTe8hwBzluYtlOgiI6UwY37jrNSNWAh2Ly6Ju4MdkcgOFaIh9OJbp7r0Zt/Sjj/4Rj1OQU1DRVl2viwDmPfzwww+agv4X15HWEEsr9AmiDCT/F6dnStxPqKVvnynBM+byvoz39Xo2wjhpNMDwKBzD9TVbk
UyMU9d30F2LC0L6d2kgh7jOzdTSt2oE9G0GKYqRyTh5af0W4EvXD/CQhWnvU5NYF0LV87Mwc2aHFAzHAGN+0tAK4H4O6Bv37kFQCBjz0xgQ01Fh9vdhqME1Y9KHg7oy5WVBq3JQDuVcX6WWu/7G8lxHVsZYv8+gSGY29FCTHuusFyzIlAZTtGE+E7T2u7HZGXfNonMdhT51Vyj5fUwt37G8wEeZ+dQYypWtINtnNfuiXJ8ct2KLnTAGKtADA8pkQwv0bZ5fkVarjCAuLd+dI0Jz8QOPSCVJJJ5E0qU5aCz26b3pjieSUy7KdiekvIpLYQOLAAwMZtZoImeBlFM2Mm3gmCmCDq57J9+Zx9+WEdyHw5GMxNr1feSY2sl3x99qR/vQiXUuFx1Vu6t4ZvADCvMg9JkthlUsnZfgoLkVepT7JuaasWMHDsNFVm+JkDXTNJmc2GCUad1neqYYbdwHQtlld/KoKU1HsctOO5Pi9wgbI5kYBUm7zUyvP560Ly6mk95ld3A1+fPNTJ5refOSMunJpqVyPk1lY2JwqWU5YF62Exz1u5PuODdv+edIk+IvTd/2u93zsSShSIOvqqPvGIHLYHYPxXBOmDflroOHFL/9DkfpBkW5AZH2H1rjCH4AFTSQ8j5KfY2nKGxnmDoSSph9UEGVwrYD9oy1//ovEdzJPNg5uxMgwq0UR2MPFnt9jqQ0fURvA3wz9MKFm/kiSbyTXwajd3EOhVl10HhWpFq4fIvW6fdy8o0x6vfgGUZzhJFvI1jzSYkJlwGh3j3MAww34Qz5iMIspOAFwXpm2TdxRxZGhwQ5MLuXbTjTYdnbwWl+e19MzsJzYPQn2aZOmjwaxrmjLP2xK5V1Nbpge+19fc5auRVj+HDAoEjBXRuj1EhO5wGeBtgirdQ57APJXMUCozUYwRCONh+db+ofzY/ON40XR3wlOXBEmr9umk32zyWyHIbqSSMRohyhMESSPNs0xF5LP81TqJe6lMnZy9sykBwuqxvHxWCsQd+XcBT9szTocDRg6yWzWVnCedwdve+OmFgf0F0p4QeMVwk747RQzYwPidoyhmRq8MAZm/q2lGiPRLbTsGxsKBKqZxt9q1TByPBcP7wz9G2SLYy0nVKevP1//BTngHXw7NmLZqTBM7giCGYWWcIsdFk8Bs/kXTK+t1fOdIHolFp4ZnnedI6D1RSjhUsovp/eunTJcYWT02P4277Vct4bNfUdmPNMz8GyibR8Gmwwao+nw6uLiykTwZt276K44c/p+R/MwUOsxz5+gGmasN8A1aqk9aWksheFQj5yV285vhQ8yvwEJI4CEoEjB0ho24iQeeh597mgrNq97AtYSyPNap+lQXWbyJxbGIy7T/OD2LzdwedIA6NzgNXNGekKTY2PZGKDYS+DWx+MEeAgoGfsj8PGrTZ7fSrrvNu+afvmalYNjHFfBQ7899/+9jQwSdCynxo5hBkjO8RocjH+KTkBfCdOxrp3yC5EdsKziICKO29tSemanDWbN9+R+LCTmDMvmJl2gJF56/pOcEtMH9GmdUMM6hEjPWg0bM9FPm3q24ceOEZN7jWa1sr5+7dNFVDZp+p1l7RHl3//tsHCfEVC+q9DD17tpKccvjzq6LcmEZ16nbVFl8wnPApiVIF0tj37SmzQVLOWt/6pnXfn07nleiFG8IpZ+b8fg80CQmM+vgAjqASY/h5ir+BBU7QPJlS25pWW5lFs0ySYzAIYo9gIPAHa3GWL+9YiK35g2WU7vuosIes3nbse4uLXtyeR1I8s3VWaj9K3p3JbEsiRcD5371r69lVxJPdOiVxadU3f/nj2baQ1QN4O8NKMe0XSaytPzqIgoBhMMOIsFdvssR5sLxt3zs334cfrSPsenCCfaYy1cFvFgUiqfTEYUEPAjgx9m0eV/ZLnQaTOVMZh2QkUk4xO4CMpQmChDMMFGC4k3qkzMh+C7YuD8KzJ50OgzjNbZDVmTK03ZM1Jlxn7JxVqEatMc
lSU34ZtTyOQPYfITyTIkVgtXnG1SE88GdVJblXItziuLN5qvSNr19dAI567WFKtkVOID6DpuZTlsfmdeazYUrH/lYB/06prt7dEghmLtpCN5ULjW9062lhenKQ5j6Gw0DI7actt5DPAaXxWlhDoJankUqPJ7KBtMlor1wzkdfPWYnZzK1eCpMd4/xFiEmf1CrYOEV65RBzWKjh8EDMzXsopI9Uie5R9VqpY3kwXTPi/zEhD6vrznih/DJCjjvFRhqeBZmxOtF3mXZF/lSwig87NIgHLw8hy7uU0bBUaL0URhB9QmKF03bn+onS2ngvJ/mUZoq/A+AQPS9hUZYjSFAePfB+YBMoVVjrIJZ41I00l+88KirIr5yMw4xKJpb74NKWrdatSYOo5y3OY1MLm4lPtabmfbRm1SAN9K/MyqsrZSOczzKKmmPDt9ac7FpqUwYsdcxX1KQy+jz2ER2mgkJeJWGoPAlCMNDYn0hJZiVBLQc+uZfTwuO6gvcJGbBYOpq466lOzKcReJQw24vT18xNmHRECXSrghNdZEXGSYO+C9mudIX5mvmh8rn9A3WuMzRcNndeq1W2L5kE8fy6p2rvR1XjC9gjFVFQDnqcck535N626/lUj56cO8Yh/wIaiyhu9+hJbhkfqlpyX+TK6k+N0ckq8dv134Qw9PdQ+NNJ+dPgmMYHFazfhDH2hwDZhwr5oVp42F4Qp41a5TPlJcausCSUESyrAkDQ2p+r4Ty1uFYkHxH15KXzR2C87Vd+FWyXtFfUcFd33RGilaf83SntElJZwUSmzLxKk5VMrJalFu1dKKSiLDejjYjKtEJRpD43KDg9hoFQj/8io5AHLS6uyitVD/jJRiGyW4wgkc4cDbGXxBZeS4gIQk7985Sft2/3HZNTuTLqiMzOcoACUc5i8KbnKxO1kIcleQqIm5e2kCnSGeepZdBmsaZoSjpPLYUvfljDip63Vh607Dz9LKDbjCcSZm2I21SYlbe+ORoNROXu/Zxa1xWebf9g9tFCgZKrK+FQIyqb98MmEi4knIaETyPuvPSSyrVhZz5rZ8ZsKhFy/V60jSZlT4TjY5OfB6vCqEIaLGODkzIiKFSX8GKScLWNQQcOIhB5t6VtuJaVWhrAuWmug9qoZYZoc4yRVXCmC2WLanhj6WamsSmD8vt+dTFmbON0YJ+v0zNBVTaULUqpOlXc0VJ3BFWpIEDWhe+dSFlGYlTEFL7Ho99KSCn2rAvqUdV1iVFPfSjPypa1kTaFaQQKTnmflythcm3qptJ65c9BP+O2U1ZrevwRq3SB+rly6gxyBRZJKZ9hYXohMGNAlwrcuQfG4E9aHLpFor8lh/7mLhcqqgUcF5ZGGiTsoctQr7kFPFp8mq7XQZs75PJP5bUnmXeEkdseaDLWpb2UwnL/ljE4RVYmjaflFjqEVVyE51uJaXnp1pS7mB8NIrMRpzj/HxXZxr6RPs7k4auSLL/OA48raytWQmqTiOH5vXUyWxOipoTKBJBeScnSzMdTCC0QzU6eoBv7afBGZx4oLiTF/uZJ3L4ctTSBgbFItSQ7OK9N8WuEAIfZgCiVrpkCT+aKKkwWpvqKsqrmegqdrjAzbspfISTiY3hQ4q+Ccpjw7VB1ciCmufLZ35TfCxAyuT4MMw3ypS5Jq/HS3eQgvmM8rAiwchmcn4Xq+Y6ynin30jo7iCDtZlZPknnihFiUfzAkeZde203ju9CGVIIotY+pe9G0+fKpYSAnazDbB2sLWClGEedKhgiK2keKasXA3SHmFISNLDoDKNxo5liUeVKKa3sDP3WR5AhaZod75AMB+i7zdOT7K3g5gJqFMMN/85aTVVPbL4Eibw201rZFk4avU8vGa1rkajbr9Saa69UxAe7xBWZKbzCOI4HDSHr3tZsDjI9QEZYJWG4Q7wWptYe7p87icGdqxeWweaxFTsBykSJ3mEU7Ek5wFlJEszROxmGPBL/Njcdu3HmBAv4eWBzRoJE5lZhEkA
SkgVPZKBVmZCpdTtTZ3qSI3A6Xp8ycyX0KTqx6jOEh/kztPXH1V6cwvDD42Bamv3E0/W1AE0XDd6ffOXUwUGwbpmZ2qQk9FH6mcKteqAJ698bMTfqlb5snyrVEtCwOlLZC8ka64p/T5M3x10E0l3zXi6y9PuKqUXmn0A5AgQvZiCawxIsinMI8zHPw+TXyZEfhtxnThsJjvxPzWPDFhsnQJkGUQeg4gjNkK3iCfhpbn3Wuw8/w1y+mVt4hNjOa27yYBHqS1mpZNjJXLJjJ5lS5yFoiXaEpUNTccuSwZKrXFQSSvJjVEP5OyGWKlz5/TijLoA/Djhc4Fxawq1H9mebfWPYHfQkIhJAhulxa/+e+5hCJ+sbTwkAyQAG4ROIF/RMW7DzQAcu/b4mUG23e/8OscGb9Uz3P0e8pL3PELFv0eT/EwVDFiagA28zPWLAipeCFrFlK4tfz4HQuMGA/U72jcLl17CRj9HroYEXDj9y1UD6jAH/iCSmznDng75U95g6TqQZTqt0lShTnoUZJ4edtLy19w1YsP3v7dXgR5zJMEpdcmVM+E1A6IBjNbyK1JbyQu5ihME14x06R4JSAJZA4HJaxcBSj5DCNeN86ONFQ8j2rD/IztJWwPWZhpx4pZNOSLtX4rPMMGYVha6zXyTbAICVcIXEoAI8+KzQAXoOtzQ7FBcGFRRCi8//k88S7C7i0RhD618EsIPAfhUiNdfDJBDsuU1jtPUfNFznhD1bsAzLQlviueN0mTzBhan9z1Orl0WngITKF+FVY08RL7Qp9sd1JKwD45TSmrVS4H+TXzlVGas6h9Ad15lIjKEspnfvZmUpU5nz3XrBI+m8XMd3alKnejWZZm8WLVXgRVAcUDVAPdUWzZ9F04Qz/FUVDhAOHmO9mbxdUqcVM4Q8l5rDiIPpWbXTKNn2OMW19pBbjpYd3UcXFL07/VaoUe8eEqzwWwuKOlbwuzinyubFjz8zLryrxmWZQSfOandz86yRRNhVCk1dS6JfeuUqR4XyzSgYlby4/M0oP704C1h8DlMOOSiVgLmOek+XI9PIf844bJE4nGC1WDTT3jRXnRFThdEv0O5qbLPzssKg+XJeCSUXzCf4U9Loe8vpRqhKU0HaLIpkW1fgllGC/BImkRBvBOnJEsQuVlCDQQL71amLpzxloxOC/D/WzJHic1/MBBB2S2H1/EmtfXMs0HXzp+1FJInZ5WAT5Popz0ljVt/x7yYWTK79aWLn19CUJVE1SSGv9nstS5ozAotnwyD/CqpZHP5ovPzw2BRxKhf9bAMMgyuM16Isdgy4swN7NRIP4xndEwCMXu2sgCldYr5nPyax+kt3iZnsqGorLNpl6Z11LqqFZgb4W5yRML1+JpoeoxzHaVxhT3Hjtxyp8CKNzN3GLBdzm9u1JpiXS6EccP8VXbd4LAtu+w/xri4O4+i9yuxpPBJb/9x7x5e/TP8jMi5S7y4yGJp9sFQtVHhiGsZkjYvipmAbOFZ6AemsuRvgQ7JDRYJQP2UBTl3qGZxofLU3c+5eXH/qLFfHytXG23D65aTI9ye7UD48Nq+ZqKcEwDxY/qh5QOIZfrZvGBHRU/s47Iy3F0r2hVRYt/GkP2Y8sVp7yuhUmvNDqqd6wKxkertD4Vg4uvH8Wn9tVC0qqD2y9cdpoPlM5FoJQ+DgBrHPDTujTccQl0WPj5qLhIOPEnVLgqH6MpxFJnG6UcdpW4Jv/LP2Y/6V4O+f7zzWhwmU7a0vhD3Mr37aEE8c9bIDKfY8cluLePwKiWo4J/3eAMxCvePMNiB77j8lp9e4nsGwh8KDgSCHwbwWiYZAxdnuhBFkFOPjpnBqhejy91qAlJni3UTI0/XAivW3Dy340GT6TGTygVpq+4nP0nG6wikgWLXRkRJqeLDzM6Fd21XeB2GMCK7lpNOh6zvrmrcK4VrrX2FK8MzWWwQs3l/Rph9qORLkN4zmIuZo3Se029lbXIHjnsXPSmk8EgLSTJDE7vs
v22K2pMTqVIiMFKcszuSuy5FYMiECGTvk1myF0TkH4WB3sUaw9wqWxehohNsameXgNNVYp+Cid8l2RTtqvg+4O1ZSO2SzXdICaIG29dAZUfjMW3rqi7Qg7/vknCkZ3c2LgWcCJzBeNS2r0zYf3fiv1gUjaeC01KPBOFU49hGx/5SM6Jcqs/jEcxUZVsEsVTVZySjMheLjyOfiewbxD+w+gX4Av0nw8677pV6iG2VRhRa/H0NT7qTtpv5Z9fSUufz7FgZMxxsKqigpfhFeB8EWuwc81Sa6EUB+gFVB63pJIiw0fNlau24drzGDiSnC87Iy5h8ibAnaXrW+UXSKXA8arP9CU+W5Xeei1TaXleCrpV1+u7OC5O6JN7M0e/rmxsrlwbBySYU9MOVvxJTP7xn634nI9+Eh01FAu1OKvMI3LYBIRiaAHh88zr2tfk7GuivQT95CXop40IYgwIxSkKufpBTd/KWMS8qqwZZjZBHNTNXd+BlZ1iOw8wcBHtqpxnnVa2WKT8wl9u8g8/Xn+jlX6KtKh4+zvTg1YaNSZgo7hEzkD8gdIy79gv1icmUNtPC+aerkEpanlTFC9pGT99myMh2pnqLMNL7ORBIOWHh9Kv8DzdWGasSo0a51CCW4k7udWPV8rFX14fse3BK7d6gDAO/OM9V2uhNIUjLlFBGKuLIA3drQNM5RYBK/RtsaUR3wIS4EZhVuopP2CveMlaquGo3LCXuVZpe9OBHA9+d5fFwyi7MpCairy50c40/TQ6Su/2bbrJBqkQ0+uflT+bH46N/3P9TUWrof55mj4ZrG8lzkbiVv4R+/9HX1pvSpWvIvcQe1w0uX998nedcyi4kPcPhjEP8MqicLTdmiO0DohLA3wfRWfbrTmxFtFfnQMS9WKlsrhvagcOaun/UzDLetoGX7X4V2NU53w8bkx71nIZBrH0ilytviQjvXarGvUZbpeuhwAjyxESyXmpJxuLzAeUTXYueouxi8rJPNXaqgQp+ZUKeJK4cg8vSG2RbF2NecmOVl6U5vcA2CaDl6EYdnlkZuTTbEzB2otAoO5YFDVe6vVlQCgzGI2XQKiFaUc5WmQuZO8BGk8k8E+DansAI9+pAJt9UG7E9w7IKWCbamRcS965GFwlH0MQ9SMsvO14QehUJI//vXyQCGPTwOvoT/cKD0HoX2WnD8VJwuc/zLIl4fJfx6YpKgBJ6Ztsib3iO5zi8i3HqXk8JRMmLGfZt8qtycot2FqFWS31KPNIZbATS6huUxnQnNUudRGp2CLpTu7DmqM9H9YMNghj10Hx50c6gT93F9nWRVzFkL6nyj/czLgv/jTt+cJ0mt8dT/l1gamPWIjAYLAWTf5W6LYALL5pbFH44Yfu4A28fq3o4ljUIkGIbXTGu3MVOMs2+uu1d88mZbjHE5/Fqf/u4A0j8Bn7+/8HAAD//+WFrxMDewAA - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line112.sh index b02cff3e054..d60b92d68b2 100644 
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line119.sh +++ /dev/null 
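Review bot: None of the `nvidia-smi mig -cgi` calls in the `case` arms is checked and the script has no `set -e`, so a failed GPU-instance creation falls through to the trailing `nvidia-smi mig -cci` and the unit only ever sees that last command's status. `MIG_PROFILE=${1}` is also unquoted and, when the unit's `${GPU_INSTANCE_PROFILE}` is empty, lands in the `*)` arm with a message that does not say the profile was missing. I would open the script with `set -euo pipefail` and `MIG_PROFILE="${1:?GPU instance profile required}"`, which turns each `-cgi` failure into a non-zero exit that the unit's `Restart=on-failure` can act on. This file looks like generated test data mirroring the mig-partition.sh template, so the change presumably belongs in that template.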
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line127.sh 
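Review bot: `golden_timestamp` is read from a node annotation through kubectl and spliced unvalidated into two `sed -i` replacement strings that rewrite `/etc/apt/sources.list`, so a value containing `/`, `&` or a newline would at best break the substitution and at worst write attacker-chosen text into the apt source list right before `apt_get_update` and `unattended-upgrade` run; the kubeconfig used here is the kubelet's, which is typically permitted to update its own node's annotations, so the value is not obviously operator-controlled only. The second `sed` already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`), so I would enforce it once, directly after the empty check: `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; fi`. `node_name` is likewise passed unquoted to `$KUBECTL get node ${node_name}` and should be quoted. This file looks like generated test data mirroring a cloud-init template, so the fix presumably belongs in the template it is rendered from.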
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line149.sh
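Review bot: The final `chmod a+w "${KUBELET_DIR}"` in the new line142.sh makes `/var/lib/kubelet` world-writable with no sticky bit, so any local unprivileged account can rename or unlink entries in it; other hunks in this diff place the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`) and the `credential-provider` directory under that path. If something genuinely needs to write there, I would narrow the grant to that owner or group, and at minimum keep the sticky bit so non-owners cannot remove each other's entries: `chmod 1777 "${KUBELET_DIR}"`. This file is generated test data that presumably mirrors the bind-mount template under parts/linux/cloud-init; the commit only renumbers it, so the change belongs in the template.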
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
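Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` passes a three-line string as the grep pattern, and `grep -qxF` treats each line of the pattern as a separate fixed string, so the guard reports "already present" as soon as any one of `iface eth0 inet6 auto`, the `up sleep 5` line or the `up dhclient …` line matches a line of the file, even when the other two were never written. If block-level idempotency is the intent, test for the one distinctive line (the `dhclient -1 -6` entry) before appending the whole block, or write the block once behind a marker comment and grep for the marker. The `sudo ifdown eth0 && sudo ifup eth0` step also runs `sudo` from what the unit in the same hunk shows is a root `Type=oneshot` service, which is redundant and fails outright if sudo is not installed; plain `ifdown eth0 && ifup eth0` is enough. This is generated test data mirroring enable-dhcpv6.sh, so the fix belongs in the template.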
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line222.sh +++ /dev/null 
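Review bot: The `ebtables -t filter -N` and the three `-A` calls near the end are unchecked and the script has no `set -e`, so if the chain is created but one of the rules or the `OUTPUT -j AKS-DEDUP-PROMISC` jump fails, the script still exits 0, and every later run (the unit in the preceding hunk restarts it on failure) takes the early `rule already set` path because that check only tests that the chain exists. I would add `set -e` immediately after the initial existence check, or append `|| exit 1` to each of the four mutating `ebtables` lines, so a partial chain is retried rather than treated as complete. Separately, `bridgeIP` collects every `inet` match from `ip addr show`, so a bridge with more than one IPv4 address yields a multi-line value that is word-split into the `--ip-src` argument; piping through `| head -n1` pins it to a single address. This is generated test data, so the fix belongs in the template that renders ensure-no-dup.sh.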
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+DisableKubeletServingCertificateRotation/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/CustomData b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/CustomData index c0b4743dbeb..82935128686 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line105.sh 
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line127.sh
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOff/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/CustomData b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/CustomData
index 708eba045fb..be1683e4679 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/+x9/3fbNrLvz1d/xZRhYykNKdvp7u1zq9yqspLqxZZ0JDndfYmrQ5GQxJoiVQCU7Sj8398BwC8gCUqynW67e+7uOUkjAIPBYPCZwWAAPvuqOXP95swiy1qt05mOu6P3vU532utPJ5fDVjNY06b1KcSoaQc+tVwfYdK0bWONg7t7kyC8cW1kuj5vO+i8604ObRrYN4jylv3etDPov+m9nZ73Ri2tiajdtH236SNqOhov/6nXjwsZVVY4c32t9mwyOB/AOvQ8oEuXQBBSCOZgB6t14CPqE/M3EvhAg+B/OJnzwS/9i0H7fFwg5gS3vhdYDtFqnVGvM7lIa8oVsWtTT1E3Yy4kuOkFtuUJ9jqD/qTd63dH5+qeE7E4MtHRVb+jrI5D35YrvvturKx3E84Q9hFFpFh7OOq9b0+602G78679tjuedtqdn7t7mjbX2N1YFBlry76xFiimNeq+7Y0no39OR93hoKUFhLAxW9hFRCKj1a5+uupPrqaj7kW3Pe629LpHZlOMPGQRBAYGgzRqg3FLr7tz8AjwyX9hJBVOXkPTQZumz6b49PXzk++BLpEPJMCUtS5U/wwL6/YGjlYWtZd1/fglNH+t986nF7133VbdDjAKSONz77xVN180GnrzJVgN2MIauz4FGoTrNcJ168PpNVgfXl03vgd051KIjr6Huduojbudq1F3OrkYT38aDCbjyag9nL67+ql70Z1Mu//odqbDi6u3TBnKyiMWAvXILAgoodhaa4fTe98djXuDfkvbHJsn5rFheeulZZ5qtUn3ojscjCbnO3qmyEPrAFMnr7nd825/0mtfTIejwfveeXekVnnkIJ+6lrfGwcZ1EN5HJFsLGws3PXfGlcFDMi0jIaYYQOVaumz3e2+648n0Te+iO2xPfs4JdmX57hwRytc7W3iXw0G/25+M1dVjgPApiRtctvvT85+m7avJYHo1PGeL5M1F+63cOhnPyvINZ9a0QhoY4dqxKNJqnavRxXRwNRleTVpNulo37RB70w3Cs4AgMwhpsgwG42m/fdltaeLfrOMRA4isIP5Bq3WGV9P2qPNzS9NqDrI9CyMwLPilPb4c/9y7HPbOx616Qy4aD3t9pj5JUY0g2hletbG9rDdgWwMASKnq9UVa2qhFtRpGq2CDLi3/fNYOaXDFh/bGsxZvXA+l7fEKjDno++TFCNoYWXQvQRqE9vJAgh6y/HDdSWHz3GOkSI45PAe9CncZEdcn1PK8jMgvLl12Un34vyTwU3oBaenb/MxFvMCdw4cPYHwCTc/jmwbX1wKieL2UyGAcST8wzSBu4Lc0O8QY+VTjhcgjSFkrZSLuJRL15y7/i/+R2ZKhgOmWXv/td9DMYYLaoOmKZaHBZ+D1PlzDZyDIQzatm761QtBqwUcto/tRa2gN+PxZYKLeHY2mkpxjiJr2+u/bF71zzlNsZpIyrpOx9FxyaWFGdoDbbEVeuH54BxoXlAbPnzPxavq2N56+a0/akcaY0SgOUZWAk3XEqufnKpaSWKqxNN4LyRLWR0lyERPVNiDJ38k8xFLnfzzL9OeIwCYhZ2Fs3YNLAN2tkU2RAzSApbVBEPjePQQ+AuShFfKpKcj05uBSWFoEVgFGQJeWL9d6CbcIbl3Pg1ht2cjBswhNaoDr8994z6aknPr2WVH+H368jsBYUDgpCxHZywC0X9qjfq//9kxSJ4jNfnGQlTyb0BO8uv5iD7s5Nd7DNvodjpn26dtS+fF1xPXjh/G73vC1VjW4Xv/N4JCRselz6RJhQKs1vYcAc5bnLpbHQUB0Z8L4xl2v2WAl0vF0WdQN/HiYHKAQDbEPx/K4e2/GLf3oo3/EnRrkFFS0Vdfrwtt5Dz/88IOmGP+L60hriKUV+gRRRpL/i49nStxPqKVvnynJM+Hy
ukz29XrWwjhpNMDwKBzD9TVbkWwap67voLsWnwjp36WGnOI611NL36oZ0LcZpShmJpPkpfVbgC9dP8BD5tO9TyGxLiZVz/fC4MwOKRiOAcb8pKEVyP0c0Dfu3YOoEDDmpzEhpqMC9vdxqME1E9KHg6oy5WUerrJRjuVcXaWWu/7G8lxHVsZYv8+gOMys6aGQHuusFyzIlAZTtGE2E7T2u7HZGXfNonEdhT51Vyj5fUwt37G8wEcZfGqM5cpSkPFZLb4oVycnrRixE8FABXtgQHnY0AJ9m5dXpNUqPYjL2AHN+Q/cfZVmIrEkki7NQdNLrm15bndSyqu45DYwD8DAYGaFJnIWSNllI9MGzpnC6eC6d/KdefxtmcF9PBzJTKxd30eOqZ18d/ytdrSPnVjnct5RtbmKewY/oDAPQp9hMSTbg5fgoLkVepTbJmaasWMHDuNFVm9pIGumafJwYsAoj3Uf9Ewx2rgPpLILd/KsKaGjWGUnzqT8PQJjJIhRDGk3zPT640n74mI66V12B1eTPx9m8lLLw0sqpCdDS2V/mgpjYnIpshzQL9sJjvrdSXec67f8c6RJ/pemb/vd7vlYmqFIg6+qve+Ygctgdg9Fd07Am3LXwV2K336Ho3SDotyASPsPrXEEP4CKGkhBIqW+xl0UtjNMHQklDB9UVCW37YA9Y+2//ks4d7IMdvbuBIhwlOJs7OFir82RlKaP6G2Ab4ZeuHAzWyRN7+SXwehdHHBhqA4aj4pUTy7fonX6vdz8xhz1e/AMoznCyLcRrHmnxITLgFDvHuYBhptwhnxEYRZS8IJgPbPsm7gic6NDghyY3csYznRYtnZwmt/eFyO58BzY+JPQVCeNNA3jQFMW/tgV97oaXbC99r46Z63cijF8OKBRpJCujVEKktN5gKcBtkgrNQ77SDJTscBoDUYwhKPNR+eb+kfzo/NN48URX0kOHJHmr5tmk/1ziSyHsXrSSCZR9lAYI0lQbhpir6Wf5keol6qUh7NXtmUiOV5WN46LwViDvi86KepnMdPhaMDWS4ZZWXR63B29747YtD6gunKGH9BeNdmZpIVqZnJI1JYJJFODB/bY1LelqHwkop2GZWNDEX092+hbpQpGhuf64Z2hb5NoYaTtnOXJ2//Hj3wOWAfPnr1oRho8gyuCYGaRJcxCl/lj8EzeJeN7e+VMF4hOqYVnludN5zhYTTFauITi++mtS5ecVzg5PYa/7Vst571RU9/BOY/0HDw3kZYPgw1G7fF0eHVxMWVT8Kbduyhu+HN6/gdL8BD02CcPME0T9gNQrWq2vtSs7GWhEI/cVVv2L4WMMjsBiaGAZMKRAyS0bUTIPPS8+5xTVm1e9jmspZZmtc3SoLpMRM4tDMbdp/lBYt7ukHOkgdE5AHVzIF2hqfH5TQwY9jK49cEYAQ4Cesb+OKzdarPXprLKu/FN29dXs6phzPsqcOC///a3p5FJnJb9o5FdmDGyQ4wmF+OfkuPCd+IYrXuH7IJnJyyLcKi48daWlK7JWbN58x2JT0aJOfOCmWkHGJm3ru8Et8T0EW1aN8SgHjHSU0nD9lzk06a+fejpZNTkVqNprZy/f9tUEZVtql53SXt0+fdvG8zNVwSk/zrjwaud4ym7L486J65Jg06tztqiS2YTHkUxqmA62559JTZoql7LW/8U5935dG65XogRvGIo//djsJlDaMzHF2AElQTT30PsFSxoyvbBA5XRvBJpHiU2TaLJEMAYxSDwBGpzly3uW4us+IFll+34qqOErN507nqIT7++PYmkemTprtJ4lL49lcsSR46E87l719K3r4otuXVK5qVV1/Ttj2ffRloD5O0Az+O4VwS9tnLnzAsCisEEI45Ssc0eq8H2snHlXH8ffryOtO/BCfKRxlgLt1USiKREGYMRNQTtyNC3eVbZL3kZROpIZeyWnUAxyOgEPpI8BObKMF6A8ULinTob5kO4fXEQnzX5fAjUcWaLrMZMqPWGrDnp
MmP/pEItYpVJjory27DtaQSy5RDxiYQ5EqvFK64W6YknG3USWxXzW2xXnt5qvSNr19dAI567WFKtkVOID6DpuZDlsfmdeazYUrH/lYh/06prt7dEohlPbSEayyeNb3XraGN5cZDmPKbCXMvspC23kc8Ip/5ZeYZAL81KLjSa9A7aJhtr5ZqBvG7eWgw3t3ImSHqM9x8xTeKsXiHWIcIrl4jDWoWEDxJmJks5ZKRaZI/CZ6WK5WG6AOH/MpCG1PTnLVH+GCA3OiZHmZ4GmrE50XbBuyL+KiEio85hkYDlYWQ593IYtoqNlyIJwg8ozFC67lx/UTpbz7lk/7II0VdgfIKHBWyqIkRpiIN7vg8MAuWyMB3kEs+akaZS/GcFRdkV8xGc8RmJZ33xaUpX61blhKn7LPdhUgubi0+1p8V+tmXWIg30rSzLqCpmI53PMERNOeHb6093zDUpkxc75qrRpzT4PvYQGaWOQn5OxFJ7EIGip7E5kZbISrhaivHsWkYP9+sO2itsxGbh4NFVe31qMYXYq6TBWpy+fn7C0BEh0KUETnidZRwnAfYuaL/WGeNn5ovG5/oH1L3G2HzR0HmuWt22aJ7E8+eSqr0bXY0nbI9QDEU14HkqMdmYf9Oq6181cnbqEIv4B2woqqzRqy+xZXikbslxmS+jOzlJJ6fEa9d/F87Q013tQz3tR7tvkhCYv3YTztAXcmwTIezzZuVuc06Y0m+V05Sf5LfKmlBisKQCjEljc6r2/9TTrRriAX5ffha+qO+Xnarv4q1y7BX5HBXV93hopW7/10t7hJeWSFE5Z1/EScuHVkqzFu1eKSWnLAbQx/lkWsEp0x7qlR3uwkApR/6RXskDlpdWhYrVTf4yXogMy7EHkpnDAbYy/4LPkuK2EJt/+X5QWrf7j8mo3Zl0RWUGnKAglDOYvCi598RxshBkLzFRk+J2UgY64zy1LLpM1jRNicfJ5bClb0sc8dPW6sPWnYefJRabcQfizE3Rm2qTkpZ3R6PBqBy939OLGvHZ5h92Ny0kKJmqND4VgzK0H96ZMDFxJyR0Ann/tWeIbCtW1rNmdvymIiHn71XrSJLmVDgONvl5sNq9Krjhwgc4OTOiYkYJPwYpR8sYVdAwIqFHW/qWo6RUyhjWRWkN1FY1G5gm+zhJFlfKYLaYtieGflZKqxIcv+93J1NWJk43xsk6PTN0VVHpgpSqUuUdDVVlcIUaEkRN6N65lHkUZqVPwVMs+r00pULfqog+ZV2XBNXUt1KPfGkrRVPIVpDIpOdZuTQ216ZeOlvP3DnoJ/x2ympN718CtW4QP1cuXViOwCJJpjNsLC9EJgzoEuFbl6C43QmrQ5dIlNdkt//cxUJl1cSjgvJIzcQdFNnrFZemJ4tPk9VaaDOXfF7I/LYks65wEptjTaba1LcyGS7fckSnyKok0TT9IifQiquQnGtxLS+9ulIX/YNhJChxmrPPcbJdXCup02wujhr55Ms84TiztnI1pJBUbMcvuYvOEh89BSoTSHIhKTdu1oZaeIFoBnWKbOCvzReReay4kBjLlyt593LY0gQDxibVkuTgvDLMpxUOEGILplCyZko06S+qOFmQ8ivKqpqrKWS6xsiwLXuJnESC6U2BswrJacqzQ9XBhejiymd7V34jTPTg+jTIOMynuiShxk93m4fIgtm8IsHCYXh2Eq7nK8Z6qthH76gojrCTVTlJLpUXclHyzpyQUXbHO/XnTh+SCaLYMqbmRd/m3aeKhZSwzbAJ1ha2VogizIMOFSNiGymuGQt3g5RXGLJhyQ5Q+UYj57Ikg0pW0+v6uZssT+AiA+qdrwXsR+TtzvZR9tAAg4TygPnmLzdbTWW9jI60OdxWjzWSEL5KLR+vaZ2r0ajbn2SqW88maI81KM/kJrMIwjmctEdvuxnx+Ag1YZmg1QbhTrBaW5hb+jwvZ4Z2bB6bx1rEFCxHKVKHeYQR8SRjAWUmS/1EzOdY8Mv8WNz2rQcY0O+h
5QENGolRmVkESUQKDJWtUmGuTIXJqVqbu1SRw0Cp+/yJzJfQ5KqXKw7S3+TOE1dfVTjzC5OPoSC1lbvHzxYUQTRcd/q9cxcTxYZBepOnKtFTUUdKp8qVKohnDwLtpF+qllmyfGlUy9xAaQskb6Qr7il9/gxfHXRTyXeN+PrLE64qpVca/QAkipC9WAJrjAjyKczjCAe/TxNfZgR+mzFdOMznOzG/NU9MmCxdAmQZhJ4DCGO2gjfIp6Hlefca7Dx/zWJ65S1iE6O57buJgwdprqZlE2Plso5MnqWLnAXiKZrSqJobzlwWDJXKYieSZ5Maop5JWQ+x0ufPaUUa9AH88UTngmJWJeo/s7xb657AbyGhEBIEt0uL3/z3XEIRv1haeEgGSAC3CJzAP6Li3QcaALn3bfEyg+27X/h1jkxequc5+j3lJe74BYt+j4d4GKsYMTUAm9kZaxaEVDynNQsp3Fp+/I4FRkwG6nc0bpeuvQSMfg9djAi48fsWqgdU4A98QSXGuQPeTvlT3iCpehCl+m2SVGEOepQkXt720vIXXPXig7d/txdBHvMkQem1CdUzIbUDvMEMCzma9EbiYo4CmvCKQZPilYDEkTmclEC5ClLyGUa8bpwdYai4H9WG+RnbS9gesjDTjhVDNOSLtX4rLMMGYVha6zXyTbAICVcIXEoAI8+KYYBPoOtzoNgguLAoIhTe/3yeWBeBe0sEoU8t/BICz0G4VEgXn0yQ3TIleudH1HyRA2+oeheAQVtiu+J+kzDJjLH1yV2vk0unhYfAFOpXgaKJldjn+mS7k1IA9slhSlmtcjHIr5mtjNKYRe0L6M6jpqg8Q/nIz95IqjLms+eaVSJnsxj5zq5U5W40y7NZvFi1l0GVQ/EA1UB3FFs2fRfO0E+xF1Q4QLj5TrZmcbZKXBTOUHIeKw6iT+Vil0zjtxvj0ldagW56WDd1XNzS9G+1WqFGfLjKYwHM72jp20KvIp4rA2u+X4auzGqWp1Kiz+z07hcqmaKpGIq0mlq35NpVihTvi0U4MDFr+ZZZeHB/GLD2ELqcZpwyEWsBs5w0n66H55B/CTF5T9F4oSqwqWe8KC+6gqRLU79DuOnyzw6Lys3lGXDJKD7hv8Ien4e8vpRyhKUwHaLIpkW1fgllGi/BImkSBvBKXJDMQ+VpCDQQz8JamLpzJlrROD+H+8WSvWRq+IGDDohsPz6JNa+v5TEffOn4UUshNXpaBfn8EOWgt6xp+/eQDxum/Mht6dLXlxioqoPKocb/mSx1bigMii2fzAO8amnks/ni83ND8JF46J81MAyyDG6zmsgx2PIizMxsFIx/THs0DEKxuzYyR6X1itmc/NoH6eFepqcyUFSW2dQry1oKHdUK4q2Am/xg4Vo8LVTdhmFXqU1x77GTp/wpgMLczC3mfJfDuyuVlkinG7H/EF+1fScG2PYd9l9DHNzdZ57b1XgyuOS3/5g1b4/+WX5GpFxFfjwksXS7SKjqyDQEaoaE7atiETAsPAN101yM9CXYIaHBKmmwZ0RR7h2aaXy4PHXnU55+7C9azMbXytl2++iqp+lRZq92oH9YPb+mwh3TQPGj+iGlQ4bLdbP4wI5KnllF5OUkundqVUmLf5pA9nPLFae8rgWkV4KO6h2rAvholehT0bj4+lF8al89SVq1c/uF007zjtK5cJTSxwFgjQN+Wpe6Oy6BDnM/H+UXCSP+hAxX5WM0BV/qbKOch10prsn/8i/fT7qXQ77/fDMaXKadtjT+ELfyMXwoUfzzFogs59hwCentG2BUy42CfwrhDMQr3jzCYge+4/JcfXuJ7BsIfCgYEgh8G8FomEQMXR7oQRZBTt47ZwBUr8eXOtQDSZ4t1EyNP1wIr1tw8t+NBg+kxk8oFbqvuJz9JwNWkckCYld6hMnp4sNAp6K6tovcDgCsqK7VpOMx65u7CuNaYVprT7HK0FwGK9Rc3q8RZj8a6TKE58znYmiU3mvqraxF9shh56I3
nQwGaSJJBji9y/bbrsgxOZU8IUYriTG7K7HnVjSKQLhM+jbpIXdNQPpZHOxRrD3ApLJ+GSM2xaa6ew00VSr6KZzwXZJN2a6C7w/Wlo3YLtV0g3hAHLx1BVV+MBbfuqLuCjn8YyiJRHZKY+NawAeZSxiXwu6dCav/VuwHk7TxnGtSkplInHqM2HjLR0pOpFv9YTKKB1UpJpE8VSUpCUT2SuFx43cC+wbhP2z8gnxh/OeDzrtulXqIbRVG1Fo8fY2PupP2W/nnV9LS530s2DDmOFhVjYKn4RXofBE02LlmqbVQTgfoBVYet6SSJMNH9ZXLtuHa8xg60jxfdkZ8hsmbAHeWrm+VXyCVHMerPtOX+GxVeuu1PErL81LSrbpe3yVxcUKf3Js5+nVlY3Pl2jggwZyadrDiT2LyLwVtxbd/9JPoqKFYqMVeZRmRwzogFEMLCO9nXte+JmdfE+0l6CcvQT9tRBBzQChOWcjlD2r6VuYillVlzjDDBHFQN3d9B1Z2yu08wMCnaFfmPKu0ssUi5Rf+cp1/+PH6G630U6RFxdvfmR60Uq8xIRvFKXIG4g+UlmXHfrE+sQm1/TRh7ukalLKWh6J4Scv86dvcEKKdoc4yvQQnDyIpPzyUfoXn6WCZiSoFNS6hhLeSdHKrH6+Ui7+8PmLswSu3uoEAB/7xnqu1UJrCEZfIIIzVRQwN3a0DTOUSQSv0bbGlEd8CEuRGYZbqKT9gr3jJWsrhqNywl6VWib1pQ84Hv7vL/GGUXRlIoSIPN9qZpp9GR+ndvk032SAVfHr9s/Jn88Ox8X+uv6koNdQ/T9Mng/WtJNlI3Mo/Yv//6EvrTanyVcM9BI+LkPvXH/6ucw6FFPL2wTDmAV5ZFI62W3OE1gFxaYDvo+hsuzUn1iL6q0tAGr1Yqczvm9qBg1r6/xRgWU/L4KsW/2qM6pyP+41pzVouwiCWXlGq1ZdkpNduVa0+w+3S9RBgZDliRnJW6slgkdmAMmTnvLeYu6gczFOtrUqSkl2poCdNV+7hBaksktHVmJdwtPKiNL8HwDYZPA3FsMstM5BPozEFtBeOQN2xKGq81OvLgFAGGI2XQKiFaUfZWkQuZOsBGg8k8O+IansII9+pIJt9UG7E9w7IKXCbamScS965GFwlH0MQ+SPMve14QehUBI//vWyQcGNTx+voT7cKD2HoX4XTh/Ik8fMfhmyJu/zXwTRFBiApfZMtwSu+wyku37KfmudTgjCBnGXbKpcmK7eAtQpYLdUoy0gF2AkSqstUAJpD7VIVEYotDt3JfVhztOfDmsEGYew6KP78SCfw5+4i27qIqxjS91T5V56Z9MWfpj1fmE7zu+Mpvy4w9RFzERgNVqLJ3wrdFojFN40tCj/80B28gdevFVUci1okCLGNznh1rgJn2UZ/vfbuWaeM97jjszj03x28YQN8xv7+/wEAAP//tS0/rzB7AAA= +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line149.sh
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line170.sh +++ /dev/null 
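Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, and grep treats each newline-separated line of the pattern as a separate pattern, so the stanza is skipped whenever any one of its lines (for example a pre-existing `iface eth0 inet6 auto`) is already present, and appended in full otherwise. The idempotence check should look for the whole stanza or for one distinctive line of it, e.g. `grep -qxF '    up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true' "${CLOUD_INIT_CFG}"`, rather than relying on the first line. `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` should be double-quoted at the call sites as `${2}` already is inside the function. The same script appears in the line163.sh hunk under KubeletServingCertificateRotation+CustomKubeletConfig.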
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithFilterTable/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line77.sh index 01efed1dfe3..e69de29bb2d 100644 
--- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF 
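Review bot: `clusterIP` is taken from an IMDS compute tag and then written into /etc/hosts and interpolated into `sudo sed -i "/$clusterFQDN/d" /etc/hosts` without any check that it is actually an address, and the only test on it is the unquoted `[ -z $clusterIP ]`, which misbehaves on an empty or space-containing value; validate it before use, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`, and quote the `-z` test. `tagValue=$(cut -d":" -f2 <<<$i)` drops everything after the second colon, so a value containing `:` is silently truncated rather than rejected. `grep -q "$clusterIP $clusterFQDN" /etc/hosts` treats the dots as regex wildcards; `grep -qF` is the intended test. The file moves to line91.sh in the next hunk, so these snapshots are regenerated and the fix belongs in the template.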
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line98.sh @@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/CustomData b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/CustomData index 0482be09b75..307da4b97ad 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line127.sh 
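Review bot: `golden_timestamp`, read from a Node annotation via `$KUBECTL get node`, is spliced unvalidated into the `sed -i 's/.../'"${golden_timestamp}"'/g'` replacement text and into the `kubectl annotate` argument; a value containing `/`, `&` or whitespace either breaks the sed expression or rewrites sources.list to point at an unintended mirror. Check the annotation against the format the second sed already assumes before using it: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "unexpected golden timestamp format"; exit 1; }`. `${node_name}` is unquoted in both `get node` calls and `$KUBECTL` relies on word-splitting of a string; an array (`KUBECTL=(/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig)` used as `"${KUBECTL[@]}"`) plus quoting would make the intent explicit. This is a regenerated snapshot, so the change belongs in the template it is rendered from.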
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line170.sh +++ /dev/null 
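Review bot: The `touch … && add_if_not_exists … && add_if_not_exists … && sudo ifdown eth0 && sudo ifup eth0` chain in the new enable-dhcpv6.sh defeats `set -e`: errexit is suppressed for every command in an `&&` list except the last, so if `touch`, either `add_if_not_exists`, or `ifdown` fails the rest of the chain is skipped, the script still prints "Configuration complete" and exits 0, and the oneshot unit records success. Appending `|| { echo "dhcpv6 configuration failed" >&2; exit 1; }` to the chain makes every step fatal. The `sudo` prefixes are redundant for a script systemd runs as root and only add a dependency on sudo being present. Note also that `grep -qxF` with the three-line `${NETWORK_CONFIGURATION}` treats each line as a separate fixed-string pattern, so the whole block is skipped whenever any one of its lines (for example a bare `iface eth0 inet6 auto`) already exists in the file; a comment stating that this is the intended idempotency check, or matching on the `dhclient` line only, would make that explicit.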
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line222.sh +++ /dev/null 
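Review bot: `jq -r` prints the literal string `null` when `.ipam.subnet` is absent from the bridge plugin entry, so the `[[ -z "${podSubnetAddr}" ]]` guard in ensure-no-dup.sh can never fire for that case and the script would try to install `--ip-src null`; use `jq -r '.plugins[] | select(.type == "bridge") | .ipam.subnet // empty'` so a missing field yields an empty string (the same applies to `.bridge`). The idempotency check is also too coarse: `ebtables -t filter -L AKS-DEDUP-PROMISC` succeeds as soon as the chain exists, and because the script has no `set -e` and ignores every ebtables exit status, a first run where `-N` succeeds but one of the `-A` rules fails leaves every later run exiting 0 with "already set" while the DROP rule the dedup depends on is missing. Adding `set -euo pipefail` after the shebang (and rewriting the first check as `if ebtables -t filter -L AKS-DEDUP-PROMISC >/dev/null 2>&1; then`) together with `trap 'ebtables -t filter -X AKS-DEDUP-PROMISC 2>/dev/null' ERR` makes a partial install retryable by the unit's `Restart=on-failure`. Minor: the `cat … | jq` pipelines and the unquoted `${bridgeName}` / `${bridgeMAC}` / `${bridgeIP}` expansions would be flagged by ShellCheck.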
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+IMDSRestrictionOnWithMangleTable/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line77.sh index 01efed1dfe3..e69de29bb2d 100644 
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF 
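Review bot: `clusterIP` in the new reconcilePrivateHosts.sh is taken straight from the IMDS `aksAPIServerIPAddress` tag and written into /etc/hosts for the API-server FQDN without any check that it is an IP literal, so whoever can write tags on the VM or scale set (a resource-level permission, not a cluster one) can point the kubelet's API-server name wherever they like; guard it before use with `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { sleep "${SLEEP_SECONDS}"; continue; }`. The FQDN is also used unescaped as a regex in both `grep -q "$clusterIP $clusterFQDN"` and `sed -i "/$clusterFQDN/d"`, where each dot matches any character and a name that is a suffix of another entry deletes that entry too; `grep -qF -- "$clusterIP $clusterFQDN"` plus an anchored delete such as `sed -i "/[[:space:]]${clusterFQDN//./\\.}\$/d"` avoids that. `[ -z $clusterIP ]` is unquoted, and `curl` carries no `--max-time`, so a hung IMDS call stalls the loop indefinitely. The `sudo` prefixes are unnecessary for a service that already runs as root.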
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line98.sh @@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target 
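Review bot: The `mount | grep "/var/lib/kubelet" | wc -l` test in the bind-mount `ExecStartPre` of kubelet.service matches any mount whose path merely contains that string (a pod volume under /var/lib/kubelet/pods/… is enough), so it does not establish that /var/lib/kubelet itself is a mount point, which the following `mount --make-shared /var/lib/kubelet` requires; `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` checks the directory directly and drops the `grep | wc -l` chain. The `ExecStartPre=-/sbin/ebtables -t nat --list` and `iptables … --list` lines are evidently diagnostic (failure is ignored), but a one-line comment saying so would save the next reader a question. Whether the effective kubelet flags come from `$KUBELET_FLAGS` or the config file is not visible here since they are read from /etc/default/kubelet.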
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/CustomData b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/CustomData index 9feb15215fe..85a2df7c89e 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line112.sh 
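Review bot: `ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}` relies on systemd expanding `${GPU_INSTANCE_PROFILE}` from the service environment, but the unit declares no `Environment=` or `EnvironmentFile=`; unless a drop-in sets it (not visible here), the script receives an empty argument, exits 1 via its `*)` branch, and `Restart=on-failure` with no `RestartSec=` retries until systemd's start-rate limit trips. Adding an explicit `EnvironmentFile=` pointing at the file the provisioner writes makes that dependency visible, and `Type=oneshot` with `RemainAfterExit=yes` fits a one-time partitioning step better than the default `Type=simple`. As far as I recall `nvidia-smi -mig 1` only takes effect after a GPU reset, so a comment on how that is sequenced would help.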
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
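Review bot: The new mig-partition.sh has no `set -e`, so a failing `nvidia-smi mig -cgi …` call is ignored, `nvidia-smi mig -cci` still runs, and the unit's exit status reflects only that last command rather than the partitioning. Add `set -euo pipefail` after the shebang and read the argument as `MIG_PROFILE=${1:?GPU instance profile required}` so a missing profile fails with a clear message instead of falling through to the `*)` branch. `case ${MIG_PROFILE} in` is harmless for these values but `case "${MIG_PROFILE}" in` is the form ShellCheck expects.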
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line127.sh 
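Review bot: `golden_timestamp` in ubuntu-snapshot-update.sh is read from a node annotation and spliced into two `sed -i` replacements and, through them, into /etc/apt/sources.list without validation, even though the second sed already encodes the expected shape (`[0-9]{8}T[0-9]{6}Z`); a value containing `/`, `&` or `\` breaks the substitution and anything else lands verbatim in the apt mirror URL. Check it once after the empty-check, `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}" >&2; exit 1; }`, and quote it in the final `kubectl annotate` call. Whoever can write that annotation on the Node object chooses which snapshot the node upgrades to; apt's signature check still bounds what gets installed, but a comment stating that the annotation is expected to be written only by the control plane would document the trust boundary. The whole script's entry point is the body itself; it is a rendered testdata snapshot, so the change belongs in the source artifact.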
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line149.sh 
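Review bot: The final `chmod a+w "${KUBELET_DIR}"` makes /var/lib/kubelet world-writable, and that directory holds the kubelet's kubeconfig (this diff's ubuntu-snapshot-update.sh reads /var/lib/kubelet/kubeconfig) and the credential-provider binaries, so any local user can create or rename entries beneath it. If a specific consumer needs write access, grant it to that user or group; otherwise `chmod a+wt "${KUBELET_DIR}"` at least prevents users from removing or renaming each other's files. The `mv` then `touch "$SENTINEL_FILE"` sequence also leaves a non-recoverable state if `touch` fails after the move, since the next run will try to `mv` a path that no longer exists and errexit stops it before the bind mount; checking `[ -d "${KUBELET_MOUNT_POINT}" ]` instead of the sentinel avoids that. This is the same rendered script as in the sibling CustomKubeletConfig testdata directory.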
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+ImplicitlyDisableKubeletServingCertificateRotation/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line91.sh @@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/CustomData b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/CustomData index 708eba045fb..be1683e4679 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line112.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line127.sh
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line149.sh
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation+CustomKubeletConfig/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/CustomData b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/CustomData
index 708eba045fb..be1683e4679 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - H4sIAAAAAAAC/+x9/3fbNrLvz1d/xZRhYykNKdvp7u1zq9yqspLqxZZ0JDndfYmrQ5GQxJoiVQCU7Sj8398BwC8gCUqynW67e+7uOUkjAIPBYPCZwWAAPvuqOXP95swiy1qt05mOu6P3vU532utPJ5fDVjNY06b1KcSoaQc+tVwfYdK0bWONg7t7kyC8cW1kuj5vO+i8604ObRrYN4jylv3etDPov+m9nZ73Ri2tiajdtH236SNqOhov/6nXjwsZVVY4c32t9mwyOB/AOvQ8oEuXQBBSCOZgB6t14CPqE/M3EvhAg+B/OJnzwS/9i0H7fFwg5gS3vhdYDtFqnVGvM7lIa8oVsWtTT1E3Yy4kuOkFtuUJ9jqD/qTd63dH5+qeE7E4MtHRVb+jrI5D35YrvvturKx3E84Q9hFFpFh7OOq9b0+602G78679tjuedtqdn7t7mjbX2N1YFBlry76xFiimNeq+7Y0no39OR93hoKUFhLAxW9hFRCKj1a5+uupPrqaj7kW3Pe629LpHZlOMPGQRBAYGgzRqg3FLr7tz8AjwyX9hJBVOXkPTQZumz6b49PXzk++BLpEPJMCUtS5U/wwL6/YGjlYWtZd1/fglNH+t986nF7133VbdDjAKSONz77xVN180GnrzJVgN2MIauz4FGoTrNcJ168PpNVgfXl03vgd051KIjr6Huduojbudq1F3OrkYT38aDCbjyag9nL67+ql70Z1Mu//odqbDi6u3TBnKyiMWAvXILAgoodhaa4fTe98djXuDfkvbHJsn5rFheeulZZ5qtUn3ojscjCbnO3qmyEPrAFMnr7nd825/0mtfTIejwfveeXekVnnkIJ+6lrfGwcZ1EN5HJFsLGws3PXfGlcFDMi0jIaYYQOVaumz3e2+648n0Te+iO2xPfs4JdmX57hwRytc7W3iXw0G/25+M1dVjgPApiRtctvvT85+m7avJYHo1PGeL5M1F+63cOhnPyvINZ9a0QhoY4dqxKNJqnavRxXRwNRleTVpNulo37RB70w3Cs4AgMwhpsgwG42m/fdltaeLfrOMRA4isIP5Bq3WGV9P2qPNzS9NqDrI9CyMwLPilPb4c/9y7HPbOx616Qy4aD3t9pj5JUY0g2hletbG9rDdgWwMASKnq9UVa2qhFtRpGq2CDLi3/fNYOaXDFh/bGsxZvXA+l7fEKjDno++TFCNoYWXQvQRqE9vJAgh6y/HDdSWHz3GOkSI45PAe9CncZEdcn1PK8jMgvLl12Un34vyTwU3oBaenb/MxFvMCdw4cPYHwCTc/jmwbX1wKieL2UyGAcST8wzSBu4Lc0O8QY+VTjhcgjSFkrZSLuJRL15y7/i/+R2ZKhgOmWXv/td9DMYYLaoOmKZaHBZ+D1PlzDZyDIQzatm761QtBqwUcto/tRa2gN+PxZYKLeHY2mkpxjiJr2+u/bF71zzlNsZpIyrpOx9FxyaWFGdoDbbEVeuH54BxoXlAbPnzPxavq2N56+a0/akcaY0SgOUZWAk3XEqufnKpaSWKqxNN4LyRLWR0lyERPVNiDJ38k8xFLnfzzL9OeIwCYhZ2Fs3YNLAN2tkU2RAzSApbVBEPjePQQ+AuShFfKpKcj05uBSWFoEVgFGQJeWL9d6CbcIbl3Pg1ht2cjBswhNaoDr8994z6aknPr2WVH+H368jsBYUDgpCxHZywC0X9qjfq//9kxSJ4jNfnGQlTyb0BO8uv5iD7s5Nd7DNvodjpn26dtS+fF1xPXjh/G73vC1VjW4Xv/N4JCRselz6RJhQKs1vYcAc5bnLpbHQUB0Z8L4xl2v2WAl0vF0WdQN/HiYHKAQDbEPx/K4e2/GLf3oo3/EnRrkFFS0Vdfrwtt5Dz/88IOmGP+L60hriKUV+gRRRpL/i49nStxPqKVvnynJM+Hy
ukz29XrWwjhpNMDwKBzD9TVbkWwap67voLsWnwjp36WGnOI611NL36oZ0LcZpShmJpPkpfVbgC9dP8BD5tO9TyGxLiZVz/fC4MwOKRiOAcb8pKEVyP0c0Dfu3YOoEDDmpzEhpqMC9vdxqME1E9KHg6oy5WUerrJRjuVcXaWWu/7G8lxHVsZYv8+gOMys6aGQHuusFyzIlAZTtGE2E7T2u7HZGXfNonEdhT51Vyj5fUwt37G8wEcZfGqM5cpSkPFZLb4oVycnrRixE8FABXtgQHnY0AJ9m5dXpNUqPYjL2AHN+Q/cfZVmIrEkki7NQdNLrm15bndSyqu45DYwD8DAYGaFJnIWSNllI9MGzpnC6eC6d/KdefxtmcF9PBzJTKxd30eOqZ18d/ytdrSPnVjnct5RtbmKewY/oDAPQp9hMSTbg5fgoLkVepTbJmaasWMHDuNFVm9pIGumafJwYsAoj3Uf9Ewx2rgPpLILd/KsKaGjWGUnzqT8PQJjJIhRDGk3zPT640n74mI66V12B1eTPx9m8lLLw0sqpCdDS2V/mgpjYnIpshzQL9sJjvrdSXec67f8c6RJ/pemb/vd7vlYmqFIg6+qve+Ygctgdg9Fd07Am3LXwV2K336Ho3SDotyASPsPrXEEP4CKGkhBIqW+xl0UtjNMHQklDB9UVCW37YA9Y+2//ks4d7IMdvbuBIhwlOJs7OFir82RlKaP6G2Ab4ZeuHAzWyRN7+SXwehdHHBhqA4aj4pUTy7fonX6vdz8xhz1e/AMoznCyLcRrHmnxITLgFDvHuYBhptwhnxEYRZS8IJgPbPsm7gic6NDghyY3csYznRYtnZwmt/eFyO58BzY+JPQVCeNNA3jQFMW/tgV97oaXbC99r46Z63cijF8OKBRpJCujVEKktN5gKcBtkgrNQ77SDJTscBoDUYwhKPNR+eb+kfzo/NN48URX0kOHJHmr5tmk/1ziSyHsXrSSCZR9lAYI0lQbhpir6Wf5keol6qUh7NXtmUiOV5WN46LwViDvi86KepnMdPhaMDWS4ZZWXR63B29747YtD6gunKGH9BeNdmZpIVqZnJI1JYJJFODB/bY1LelqHwkop2GZWNDEX092+hbpQpGhuf64Z2hb5NoYaTtnOXJ2//Hj3wOWAfPnr1oRho8gyuCYGaRJcxCl/lj8EzeJeN7e+VMF4hOqYVnludN5zhYTTFauITi++mtS5ecVzg5PYa/7Vst571RU9/BOY/0HDw3kZYPgw1G7fF0eHVxMWVT8Kbduyhu+HN6/gdL8BD02CcPME0T9gNQrWq2vtSs7GWhEI/cVVv2L4WMMjsBiaGAZMKRAyS0bUTIPPS8+5xTVm1e9jmspZZmtc3SoLpMRM4tDMbdp/lBYt7ukHOkgdE5AHVzIF2hqfH5TQwY9jK49cEYAQ4Cesb+OKzdarPXprLKu/FN29dXs6phzPsqcOC///a3p5FJnJb9o5FdmDGyQ4wmF+OfkuPCd+IYrXuH7IJnJyyLcKi48daWlK7JWbN58x2JT0aJOfOCmWkHGJm3ru8Et8T0EW1aN8SgHjHSU0nD9lzk06a+fejpZNTkVqNprZy/f9tUEZVtql53SXt0+fdvG8zNVwSk/zrjwaud4ym7L486J65Jg06tztqiS2YTHkUxqmA62559JTZoql7LW/8U5935dG65XogRvGIo//djsJlDaMzHF2AElQTT30PsFSxoyvbBA5XRvBJpHiU2TaLJEMAYxSDwBGpzly3uW4us+IFll+34qqOErN507nqIT7++PYmkemTprtJ4lL49lcsSR46E87l719K3r4otuXVK5qVV1/Ttj2ffRloD5O0Az+O4VwS9tnLnzAsCisEEI45Ssc0eq8H2snHlXH8ffryOtO/BCfKRxlgLt1USiKREGYMRNQTtyNC3eVbZL3kZROpIZeyWnUAxyOgEPpI8BObKMF6A8ULinTob5kO4fXEQnzX5fAjUcWaLrMZMqPWGrDnp
MmP/pEItYpVJjory27DtaQSy5RDxiYQ5EqvFK64W6YknG3USWxXzW2xXnt5qvSNr19dAI567WFKtkVOID6DpuZDlsfmdeazYUrH/lYh/06prt7dEohlPbSEayyeNb3XraGN5cZDmPKbCXMvspC23kc8Ip/5ZeYZAL81KLjSa9A7aJhtr5ZqBvG7eWgw3t3ImSHqM9x8xTeKsXiHWIcIrl4jDWoWEDxJmJks5ZKRaZI/CZ6WK5WG6AOH/MpCG1PTnLVH+GCA3OiZHmZ4GmrE50XbBuyL+KiEio85hkYDlYWQ593IYtoqNlyIJwg8ozFC67lx/UTpbz7lk/7II0VdgfIKHBWyqIkRpiIN7vg8MAuWyMB3kEs+akaZS/GcFRdkV8xGc8RmJZ33xaUpX61blhKn7LPdhUgubi0+1p8V+tmXWIg30rSzLqCpmI53PMERNOeHb6093zDUpkxc75qrRpzT4PvYQGaWOQn5OxFJ7EIGip7E5kZbISrhaivHsWkYP9+sO2itsxGbh4NFVe31qMYXYq6TBWpy+fn7C0BEh0KUETnidZRwnAfYuaL/WGeNn5ovG5/oH1L3G2HzR0HmuWt22aJ7E8+eSqr0bXY0nbI9QDEU14HkqMdmYf9Oq6181cnbqEIv4B2woqqzRqy+xZXikbslxmS+jOzlJJ6fEa9d/F87Q013tQz3tR7tvkhCYv3YTztAXcmwTIezzZuVuc06Y0m+V05Sf5LfKmlBisKQCjEljc6r2/9TTrRriAX5ffha+qO+Xnarv4q1y7BX5HBXV93hopW7/10t7hJeWSFE5Z1/EScuHVkqzFu1eKSWnLAbQx/lkWsEp0x7qlR3uwkApR/6RXskDlpdWhYrVTf4yXogMy7EHkpnDAbYy/4LPkuK2EJt/+X5QWrf7j8mo3Zl0RWUGnKAglDOYvCi598RxshBkLzFRk+J2UgY64zy1LLpM1jRNicfJ5bClb0sc8dPW6sPWnYefJRabcQfizE3Rm2qTkpZ3R6PBqBy939OLGvHZ5h92Ny0kKJmqND4VgzK0H96ZMDFxJyR0Ann/tWeIbCtW1rNmdvymIiHn71XrSJLmVDgONvl5sNq9Krjhwgc4OTOiYkYJPwYpR8sYVdAwIqFHW/qWo6RUyhjWRWkN1FY1G5gm+zhJFlfKYLaYtieGflZKqxIcv+93J1NWJk43xsk6PTN0VVHpgpSqUuUdDVVlcIUaEkRN6N65lHkUZqVPwVMs+r00pULfqog+ZV2XBNXUt1KPfGkrRVPIVpDIpOdZuTQ216ZeOlvP3DnoJ/x2ympN718CtW4QP1cuXViOwCJJpjNsLC9EJgzoEuFbl6C43QmrQ5dIlNdkt//cxUJl1cSjgvJIzcQdFNnrFZemJ4tPk9VaaDOXfF7I/LYks65wEptjTaba1LcyGS7fckSnyKok0TT9IifQiquQnGtxLS+9ulIX/YNhJChxmrPPcbJdXCup02wujhr55Ms84TiztnI1pJBUbMcvuYvOEh89BSoTSHIhKTdu1oZaeIFoBnWKbOCvzReReay4kBjLlyt593LY0gQDxibVkuTgvDLMpxUOEGILplCyZko06S+qOFmQ8ivKqpqrKWS6xsiwLXuJnESC6U2BswrJacqzQ9XBhejiymd7V34jTPTg+jTIOMynuiShxk93m4fIgtm8IsHCYXh2Eq7nK8Z6qthH76gojrCTVTlJLpUXclHyzpyQUXbHO/XnTh+SCaLYMqbmRd/m3aeKhZSwzbAJ1ha2VogizIMOFSNiGymuGQt3g5RXGLJhyQ5Q+UYj57Ikg0pW0+v6uZssT+AiA+qdrwXsR+TtzvZR9tAAg4TygPnmLzdbTWW9jI60OdxWjzWSEL5KLR+vaZ2r0ajbn2SqW88maI81KM/kJrMIwjmctEdvuxnx+Ag1YZmg1QbhTrBaW5hb+jwvZ4Z2bB6bx1rEFCxHKVKHeYQR8SRjAWUmS/1EzOdY8Mv8WNz2rQcY0O+h
5QENGolRmVkESUQKDJWtUmGuTIXJqVqbu1SRw0Cp+/yJzJfQ5KqXKw7S3+TOE1dfVTjzC5OPoSC1lbvHzxYUQTRcd/q9cxcTxYZBepOnKtFTUUdKp8qVKohnDwLtpF+qllmyfGlUy9xAaQskb6Qr7il9/gxfHXRTyXeN+PrLE64qpVca/QAkipC9WAJrjAjyKczjCAe/TxNfZgR+mzFdOMznOzG/NU9MmCxdAmQZhJ4DCGO2gjfIp6Hlefca7Dx/zWJ65S1iE6O57buJgwdprqZlE2Plso5MnqWLnAXiKZrSqJobzlwWDJXKYieSZ5Maop5JWQ+x0ufPaUUa9AH88UTngmJWJeo/s7xb657AbyGhEBIEt0uL3/z3XEIRv1haeEgGSAC3CJzAP6Li3QcaALn3bfEyg+27X/h1jkxequc5+j3lJe74BYt+j4d4GKsYMTUAm9kZaxaEVDynNQsp3Fp+/I4FRkwG6nc0bpeuvQSMfg9djAi48fsWqgdU4A98QSXGuQPeTvlT3iCpehCl+m2SVGEOepQkXt720vIXXPXig7d/txdBHvMkQem1CdUzIbUDvMEMCzma9EbiYo4CmvCKQZPilYDEkTmclEC5ClLyGUa8bpwdYai4H9WG+RnbS9gesjDTjhVDNOSLtX4rLMMGYVha6zXyTbAICVcIXEoAI8+KYYBPoOtzoNgguLAoIhTe/3yeWBeBe0sEoU8t/BICz0G4VEgXn0yQ3TIleudH1HyRA2+oeheAQVtiu+J+kzDJjLH1yV2vk0unhYfAFOpXgaKJldjn+mS7k1IA9slhSlmtcjHIr5mtjNKYRe0L6M6jpqg8Q/nIz95IqjLms+eaVSJnsxj5zq5U5W40y7NZvFi1l0GVQ/EA1UB3FFs2fRfO0E+xF1Q4QLj5TrZmcbZKXBTOUHIeKw6iT+Vil0zjtxvj0ldagW56WDd1XNzS9G+1WqFGfLjKYwHM72jp20KvIp4rA2u+X4auzGqWp1Kiz+z07hcqmaKpGIq0mlq35NpVihTvi0U4MDFr+ZZZeHB/GLD2ELqcZpwyEWsBs5w0n66H55B/CTF5T9F4oSqwqWe8KC+6gqRLU79DuOnyzw6Lys3lGXDJKD7hv8Ien4e8vpRyhKUwHaLIpkW1fgllGi/BImkSBvBKXJDMQ+VpCDQQz8JamLpzJlrROD+H+8WSvWRq+IGDDohsPz6JNa+v5TEffOn4UUshNXpaBfn8EOWgt6xp+/eQDxum/Mht6dLXlxioqoPKocb/mSx1bigMii2fzAO8amnks/ni83ND8JF46J81MAyyDG6zmsgx2PIizMxsFIx/THs0DEKxuzYyR6X1itmc/NoH6eFepqcyUFSW2dQry1oKHdUK4q2Am/xg4Vo8LVTdhmFXqU1x77GTp/wpgMLczC3mfJfDuyuVlkinG7H/EF+1fScG2PYd9l9DHNzdZ57b1XgyuOS3/5g1b4/+WX5GpFxFfjwksXS7SKjqyDQEaoaE7atiETAsPAN101yM9CXYIaHBKmmwZ0RR7h2aaXy4PHXnU55+7C9azMbXytl2++iqp+lRZq92oH9YPb+mwh3TQPGj+iGlQ4bLdbP4wI5KnllF5OUkundqVUmLf5pA9nPLFae8rgWkV4KO6h2rAvholehT0bj4+lF8al89SVq1c/uF007zjtK5cJTSxwFgjQN+Wpe6Oy6BDnM/H+UXCSP+hAxX5WM0BV/qbKOch10prsn/8i/fT7qXQ77/fDMaXKadtjT+ELfyMXwoUfzzFogs59hwCentG2BUy42CfwrhDMQr3jzCYge+4/JcfXuJ7BsIfCgYEgh8G8FomEQMXR7oQRZBTt47ZwBUr8eXOtQDSZ4t1EyNP1wIr1tw8t+NBg+kxk8oFbqvuJz9JwNWkckCYld6hMnp4sNAp6K6tovcDgCsqK7VpOMx65u7CuNaYVprT7HK0FwGK9Rc3q8RZj8a6TKE58znYmiU3mvqraxF9shh56I3
nQwGaSJJBji9y/bbrsgxOZU8IUYriTG7K7HnVjSKQLhM+jbpIXdNQPpZHOxRrD3ApLJ+GSM2xaa6ew00VSr6KZzwXZJN2a6C7w/Wlo3YLtV0g3hAHLx1BVV+MBbfuqLuCjn8YyiJRHZKY+NawAeZSxiXwu6dCav/VuwHk7TxnGtSkplInHqM2HjLR0pOpFv9YTKKB1UpJpE8VSUpCUT2SuFx43cC+wbhP2z8gnxh/OeDzrtulXqIbRVG1Fo8fY2PupP2W/nnV9LS530s2DDmOFhVjYKn4RXofBE02LlmqbVQTgfoBVYet6SSJMNH9ZXLtuHa8xg60jxfdkZ8hsmbAHeWrm+VXyCVHMerPtOX+GxVeuu1PErL81LSrbpe3yVxcUKf3Js5+nVlY3Pl2jggwZyadrDiT2LyLwVtxbd/9JPoqKFYqMVeZRmRwzogFEMLCO9nXte+JmdfE+0l6CcvQT9tRBBzQChOWcjlD2r6VuYillVlzjDDBHFQN3d9B1Z2yu08wMCnaFfmPKu0ssUi5Rf+cp1/+PH6G630U6RFxdvfmR60Uq8xIRvFKXIG4g+UlmXHfrE+sQm1/TRh7ukalLKWh6J4Scv86dvcEKKdoc4yvQQnDyIpPzyUfoXn6WCZiSoFNS6hhLeSdHKrH6+Ui7+8PmLswSu3uoEAB/7xnqu1UJrCEZfIIIzVRQwN3a0DTOUSQSv0bbGlEd8CEuRGYZbqKT9gr3jJWsrhqNywl6VWib1pQ84Hv7vL/GGUXRlIoSIPN9qZpp9GR+ndvk032SAVfHr9s/Jn88Ox8X+uv6koNdQ/T9Mng/WtJNlI3Mo/Yv//6EvrTanyVcM9BI+LkPvXH/6ucw6FFPL2wTDmAV5ZFI62W3OE1gFxaYDvo+hsuzUn1iL6q0tAGr1Yqczvm9qBg1r6/xRgWU/L4KsW/2qM6pyP+41pzVouwiCWXlGq1ZdkpNduVa0+w+3S9RBgZDliRnJW6slgkdmAMmTnvLeYu6gczFOtrUqSkl2poCdNV+7hBaksktHVmJdwtPKiNL8HwDYZPA3FsMstM5BPozEFtBeOQN2xKGq81OvLgFAGGI2XQKiFaUfZWkQuZOsBGg8k8O+IansII9+pIJt9UG7E9w7IKXCbamScS965GFwlH0MQ+SPMve14QehUBI//vWyQcGNTx+voT7cKD2HoX4XTh/Ik8fMfhmyJu/zXwTRFBiApfZMtwSu+wyku37KfmudTgjCBnGXbKpcmK7eAtQpYLdUoy0gF2AkSqstUAJpD7VIVEYotDt3JfVhztOfDmsEGYew6KP78SCfw5+4i27qIqxjS91T5V56Z9MWfpj1fmE7zu+Mpvy4w9RFzERgNVqLJ3wrdFojFN40tCj/80B28gdevFVUci1okCLGNznh1rgJn2UZ/vfbuWaeM97jjszj03x28YQN8xv7+/wEAAP//tS0/rzB7AAA= +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line163.sh
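Review bot: The new bind-mount unit has no ordering relationship with kubelet.service, and the kubelet unit introduced elsewhere in this diff orders itself only after network-online.target and containerd.service while its ExecStartPre bind-mounts /var/lib/kubelet onto itself when it finds no mount; both units are WantedBy=multi-user.target, so systemd may start kubelet first. If that happens, /var/lib/kubelet is already a mount point when bind-mount.sh runs, its `mv "$KUBELET_DIR" "$MOUNT_POINT"` fails with EBUSY, the sentinel is never written, the data is never moved, and the unit flaps under Restart=on-failure. Add `Before=kubelet.service` to the [Unit] section here (and, outside this hunk, `After=bind-mount.service` to the kubelet unit) so the move always happens before kubelet touches the directory.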
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
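Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, which treats each line as a separate fixed-string pattern and succeeds as soon as any one of them is found, so a pre-existing `iface eth0 inet6 auto` stanza in 50-cloud-init.cfg (or a partial block left by an interrupted earlier run) silently suppresses the whole append, the dhclient `up` lines are never added, and "Configuration complete" is still printed. Key the idempotency check on the line that is actually unique to this block, e.g. `grep -qF 'dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf' "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `sudo` in front of `ifdown`/`ifup` is unnecessary for a script run as a root systemd oneshot and, under `set -e`, turns a missing sudo binary into a failed unit; the interface name `eth0` is also hard-coded in four places and deserves at least a comment or a variable.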
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line222.sh
+++ /dev/null
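Review bot: The guard at the top of the new ensure-no-dup.sh, `ebtables -t filter -L AKS-DEDUP-PROMISC` followed by "already set", only proves the chain exists, not that it holds the ACCEPT/DROP pair or that OUTPUT jumps to it; none of the ebtables calls are checked and there is no `set -e`, so if an earlier run created the chain with `-N` and then failed on an `-A` line, every later run exits 0 with the anti-spoof DROP rule missing while the service looks healthy. Check for the OUTPUT jump instead, flush a pre-existing chain before repopulating it, and fail the script when a rule cannot be added so Restart=on-failure actually retries. `bridgeName` also comes back from jq unquoted and empty when the conflist has no bridge plugin, after which the script dereferences `/sys/class/net//address`; rejecting an empty value with an explicit message would make that failure mode visible.

```shell
if ebtables -t filter -L OUTPUT 2>/dev/null | grep -q AKS-DEDUP-PROMISC; then
  echo "AKS-DEDUP-PROMISC rule already set"
  exit 0
fi
# … unchanged: conflist checks, bridgeName/promiscMode/bridgeIP/podSubnetAddr/bridgeMAC discovery …
echo "adding AKS-DEDUP-PROMISC ebtable chain"
ebtables -t filter -N AKS-DEDUP-PROMISC 2>/dev/null || ebtables -t filter -F AKS-DEDUP-PROMISC
ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${bridgeIP}" -j ACCEPT || exit 1
ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s "${bridgeMAC}" -o veth+ --ip-src "${podSubnetAddr}" -j DROP || exit 1
ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC || exit 1
# … unchanged: rule listing and exit 0 …
```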
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+KubeletServingCertificateRotation/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line91.sh
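Review bot: `clusterIP` is taken verbatim from the IMDS `aksAPIServerIPAddress` tag and written into /etc/hosts via `echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts` without ever being checked to be an IP literal; VM tags are resource metadata that anyone with write access to the VM or scale set can edit, so a tag change can point the API-server FQDN at an arbitrary address or inject arbitrary text into /etc/hosts — TLS should still stop a silent man-in-the-middle, but it is a clean denial of service on every node and the loop never recovers from a bad value. Add a shape check after the empty check, e.g. `[[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "ignoring non-IPv4 aksAPIServerIPAddress tag"; sleep "${SLEEP_SECONDS}"; continue; }` (IPv4 is the only shape this code can handle anyway, since `cut -d":" -f2` truncates any IPv6 value). The `curl` call has no `--max-time`, so a stalled IMDS request blocks the reconcile loop indefinitely, and `[ -z $clusterIP ]` is unquoted, which turns a value containing whitespace into a test error rather than a skip.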
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/CustomData b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/CustomData
index 708eba045fb..be1683e4679 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  
+  
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
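Review bot: The bind-mount check in `ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ..."` counts every mount whose path merely contains /var/lib/kubelet, so a surviving pod volume or projected-secret mount under /var/lib/kubelet/pods makes it skip the self bind-mount even when /var/lib/kubelet itself is not a mount point, and the following `ExecStartPre=/bin/mount --make-shared /var/lib/kubelet` is then expected to fail on a non-mountpoint and keep kubelet from starting. `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` tests the directory itself and removes the grep/wc quoting. Since this diff also introduces bind-mount.service, which moves and bind-mounts the same directory, the unit should probably carry `After=bind-mount.service` as well so the two cannot race.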
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line119.sh
+++ /dev/null
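Review bot: The new mig-partition.sh runs without `set -e`, never checks the exit status of the `nvidia-smi mig -cgi ...` call in the selected case arm, and then unconditionally runs `nvidia-smi mig -cci`, whose status becomes the script's exit status; a failed GPU-instance creation followed by a no-op `-cci` therefore reports success to systemd, the unit's Restart=on-failure never fires, and the node comes up with an unpartitioned GPU while looking healthy. Put `set -euo pipefail` after the shebang and read the argument as `MIG_PROFILE="${1:-}"` so an unset `${GPU_INSTANCE_PROFILE}` still lands in the `*)` arm with a clear message instead of tripping nounset. The NOTE/TODO lines explaining why mig-parted is not used are useful context and should stay.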
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line127.sh
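Review bot: `golden_timestamp` is read from a Node annotation through the kubelet's kubeconfig and spliced unescaped into two `sed -i` scripts that rewrite /etc/apt/sources.list as root every ten minutes (per the timer unit in this diff), with no validation even though the second sed's own pattern `\([0-9]\{8\}T[0-9]\{6\}Z\)` shows the only shape a legitimate value can have. A value containing `/` or `;` breaks out of the `s///` replacement, and GNU sed accepts further commands at that point (including `e`, which runs a shell command), so anyone who can patch annotations on Node objects — a compromised controller, or the node credential itself depending on how NodeRestriction and RBAC are configured — can repoint apt or execute commands as root on every node. Reject anything else right after the empty check: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`, and apply the same check to `current_timestamp` before it is compared.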
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line149.sh
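Review bot: As in the OutboundTypeNil fixture, `chmod a+w "${KUBELET_DIR}"` at the end of this bind-mount.sh makes /var/lib/kubelet world-writable for no reason visible in the hunk; root creates and bind-mounts the directory, and kubelet only needs it to exist and be a mount point. A world-writable kubelet state directory lets any local unprivileged process create or rename entries beside the kubeconfig, pki and pod-volume directories. Replace it with `chmod 0755 "${KUBELET_DIR}"` or drop the line, and if some non-root writer really needs access, use `chmod 1777` so entries cannot be removed by other users. The first-run `mv "$KUBELET_DIR" "$MOUNT_POINT"` also has no guard against /var/lib/kubelet already being a mount point, in which case errexit aborts before the sentinel is written and the unit retries the same failing mv.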
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line163.sh
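Review bot: This bind-mount.service carries no `Before=kubelet.service`, while the kubelet unit in this diff orders only after network-online.target and containerd.service and bind-mounts /var/lib/kubelet onto itself in an ExecStartPre when it finds no mount; with both WantedBy=multi-user.target, kubelet can start first, after which bind-mount.sh's `mv "$KUBELET_DIR" "$MOUNT_POINT"` hits a mount point, fails with EBUSY before the sentinel is written, and the unit flaps under Restart=on-failure with the data never moved. Add `Before=kubelet.service` under [Unit] here and the matching `After=bind-mount.service` in the kubelet unit.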
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeBlocked/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/CustomData
index c0b4743dbeb..82935128686 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNil/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/CustomData index c0b4743dbeb..82935128686 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+OutboundTypeNone/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/CustomData
index 23e09bb6e87..ee719022f3a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/CustomData
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/CustomData
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744"
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line105.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntu/line308.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line308.sh
similarity index 100%
rename from pkg/agent/testdata/RawUbuntu/line308.sh
rename to pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line308.sh
diff --git a/pkg/agent/testdata/RawUbuntu/line322.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line322.sh
similarity index 100%
rename from pkg/agent/testdata/RawUbuntu/line322.sh
rename to pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line322.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line84.sh
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line91.sh 
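Review bot: The value returned by get-apiserver-ip-from-tags is written into /etc/hosts without being checked as an IP literal, so whatever string sits in the aksAPIServerIPAddress VM tag becomes the resolution for the API server FQDN; validate it before the grep, e.g. `[[ "$clusterIP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "ignoring malformed aksAPIServerIPAddress tag: $clusterIP"; sleep "${SLEEP_SECONDS}"; continue; }`. The `cut -d":" -f2` in the helper also truncates any tag value containing a second colon (an IPv6 literal, for instance), which an explicit check would at least reject loudly instead of writing a fragment. `if [ -z $clusterIP ]` should quote the variable as `[ -z "$clusterIP" ]` so a value with whitespace does not turn into a syntax error under the loop. This is a generated testdata snapshot, so the change belongs in the cloud-init artifact it is rendered from.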
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/CustomData index 8166d6f628a..8d8603d6bbf 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/CustomData 
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | - 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 +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line105.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line112.sh 
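Review bot: The new MIG unit passes `${GPU_INSTANCE_PROFILE}` to mig-partition.sh, but the unit has no `Environment=` or `EnvironmentFile=` line, so unless a drop-in supplies that variable systemd expands it to an empty argument, the script's default case exits 1, and `Restart=on-failure` restarts it indefinitely. Add an `EnvironmentFile=` (or `Environment=`) line naming where provisioning writes the profile, or document in a `[Unit]` comment which drop-in is expected to provide it. Since the script runs once to partition the GPU, `Type=oneshot` with `RemainAfterExit=yes` would also describe the service more accurately than the default `Type=simple`.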
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
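Review bot: mig-partition.sh runs without `set -e`, so when one of the `nvidia-smi mig -cgi` calls fails the script still runs `nvidia-smi mig -cci` against whatever instances were created and reports only that last command's status. Add `set -euo pipefail` after the shebang so a failed GPU-instance creation stops the script and surfaces through the unit's `Restart=on-failure`. The profile is matched only against the five literal names, so an empty or unknown value is rejected, which is good; quoting the selector as `case "${MIG_PROFILE}" in` would keep it consistent with the quoting used elsewhere in these scripts.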
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line127.sh 
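Review bot: golden_timestamp is read from a node annotation and spliced unvalidated into the sed replacement that rewrites /etc/apt/sources.list, so a value containing `/`, `&` or `\` breaks the expression, and an arbitrary value becomes part of the snapshot URL apt will fetch from. This script reads the annotation with the kubelet's own kubeconfig, and anyone who can patch the node object can set it, so check the format the second sed already expects before using it: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; }`. The sources list is also rewritten in place before apt_get_update is known to succeed, so a failure leaves the node pointed at the snapshot with only sources.list.backup to recover from; either restore the backup on the failure paths or state in a header comment that the rewrite is intended to persist across failed runs. This is a generated testdata snapshot, so the fix belongs in the artifact it is rendered from.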
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line149.sh 
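Review bot: The last line of bind-mount.sh makes /var/lib/kubelet world-writable (`chmod a+w "${KUBELET_DIR}"`), and with no sticky bit any local unprivileged process can then create, rename or unlink entries directly under the kubelet root, which holds its kubeconfig, plugin sockets and pod volume trees. If a non-root component needs to write somewhere under it, grant that via group ownership on the specific subdirectory rather than widening the top-level mode, and otherwise drop the chmod. The `mv "$KUBELET_DIR" "$MOUNT_POINT"` also follows a plain `mkdir -p /mnt/aks`, so if /mnt/aks is expected to be a separately mounted disk the script silently relocates kubelet data onto the root filesystem when it is not; a `mountpoint -q "${MOUNT_POINT}" || exit 1` before the move would make the assumption explicit (the script does not say what /mnt/aks is, so confirm the intent). This is generated testdata; the change belongs in the artifact it is rendered from.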
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line163.sh 
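Review bot: The bind-mount unit combines `Type=oneshot` with `Restart=on-failure`; older systemd releases refuse to load a oneshot service whose Restart= is anything but `no` (support for the combination arrived in a later release, if I recall correctly), so on such hosts the unit never starts instead of retrying. Since bind-mount.sh already runs under `set -e` and its sentinel file makes a rerun safe, dropping `Restart=on-failure` loses little. The unit should also declare `Before=kubelet.service`, because kubelet.service elsewhere in this change bind-mounts /var/lib/kubelet onto itself in an ExecStartPre, and without an ordering the move-and-bind here races that mount at boot.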
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
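Review bot: add_if_not_exists is called with the three-line NETWORK_CONFIGURATION as its pattern, and `grep -F` treats each newline-separated line of the pattern as an alternative, so the check succeeds as soon as any one of those three lines is already present in 50-cloud-init.cfg and the other two are never appended, while a miss appends all three. Check for a single distinctive line instead: `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. The `|| true` on the dhclient line and the `sudo` prefixes (redundant when the unit runs the script as root) are presumably deliberate best-effort choices; a one-line comment saying DHCPv6 failure must not fail the unit would make that explicit to the next reader.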
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line215.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line308.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line308.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line322.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SSHStatusOff/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line322.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line84.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/CustomData index 8c7289ab42b..644ed72928a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line112.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line119.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
--- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line141.sh +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line149.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line149.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line163.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line215.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line215.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line222.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line222.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line307.sh rename to pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SSHStatusOn/line321.sh rename to pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line84.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line91.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/CustomData b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/CustomData index 611036ba19e..66fa24f170d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary | H4sIAAAAAAAC/+x9+3fbNtLo7/4rsKxuYndDSXYcb+JW6aEl2uFaryWptPniXh6ahCTUFKkAoB/r6H+/Bw++qVfS3u8731n3NLbIwWAwGAwwL+iHv7VuUdi6dcn8YDjq6Y4x7Om/dRqH84jQ0F1A8BVQFwVA9cDJkQAZagM9B3F0cOBF4RTNYgw1f4HCCYH48Oj5AAAAvLk7g0DVgXoMVIP/uwBtoA7AO/YDlMaz1hsYw4mlmysl3yQov1sl/Ywxuncp7AYxoRB/iAglh0dA9Le48xEG6hK0IPVa5IlQuPDl7xaGXhR6KIDqUqBQ2RhIk0B8jzzY9FscB41ib/6NCI7b6vSLHzYZpQIZhH8CKvAetHx43wrjIAA//6yPLg8+WwLy9wM9vEc4ChcwpB3lenKhO9rYcCzd/KibcrKeS09WygHDAYCgxqOBHrq3AdRC36IupmANeeDrVwAfEQUN3TQd65Nl64Ou3XcsWzNt51Iz+gerTBps7IZk6WIY0g/xDI7dGUwnSre7rP2l5XRHw8uOkvBoSviAhSigKfj8mcmB/WHs6EPtoq/3Vgr4WwcoCvj9958AncOQQ7If6M2jKvB7wNC27iAOYdBaLFo0o8qZxzO4dGewBfnw/RKu3Rp1Kl2+B43n4gBXHPMUVYfV0y9N7Wq3UaWwuw3Kh1PszvYbk2jTKfe3YUSr3Pq3hJBPCOxFCxeF2cIc6vavI/OaNzWunEujr2eTzhdGCOlDhO98Of8Jp9yHO/Cy9X9vPvc+dMf3pze/t56ngTvrHP8EQvhIV4C9k8/aK8B+gxcvQOuHjIhOGLVeAqVRQ4NS4jaBPlBRqcNXvAtAyjhzn54gab0EdT0kbEpnnk2mMf545vQmGl853euc7HQ6QKE4hgooC0KFF2d/MS9q+XH2p/AjtxgS1qSaCGBIuA6SgqEmgrEODpMnEkSzoiA+uMtLFGT6hjy4S4egf0Pn7rbTOISPSwwaz9av2phT5VjGf+nO4GIFbn4Ex+12+yhrFUSeS1EUdhShlXJrWO0Lvewjctdy/x1j2MKQRDH2oLp0MT2urufkvcPaOEuXzjuNwykK/UVIgRpioEaAungGKVAt0DjE0PUDFN4Bdbqlr6OjtBOOe4qhHK0/BY3nascr8JVP8LEPvgrZel5iFFLQOF29PMoL3ufPoPGcR7oC6oyCxnOeravqYDO18ysKAhATmI6f0wimEeZMBlMUQKUoegXe19LfYjCsZabjAgJrejdCEk+nyEMwpKJjsnQ9CKKwRA+NgIehS2FG1TnA8EsMSXW4jBdlvrwCLqVwsaQonDFsUzcIwK3rcdQji/fSbDaVdctAytW/mZYocGBVszdExPEhOwR0tshJFNFNwqGOQeu/QxYkP3aXgj9jwlmnnGmg8ZwycPX9M1+kO3dKYjqma+qazU7X1uTy0uga+tB2eoZ17VhjrbtWJ4qxWAk94IEx7hYC4t5DH9DoHFSE5EDoGIqfvIXvoKkzdVEQYwhOTsEbcPKGCySD5kfs0riuK/hKB77cUPhhT5zXF5EPztrtSuOttCzuOK+/odNNWBmyKPyLsKoqmUcP4CuYYfhNlCfnuVLDMAql5JEH0AZtfubi56Mpoe5tYXPTqZc78+9k+/BD1VYDJ4Fa4ujxKbNhxAy3z05Pd2xUJEc0cpeU/S+hy3QU37beveHYantfA5pj7ueBG7oziH/PmLjTOJPT2QfbHjtjc/TbJ2di9q3sbF57NM+gO3VNEwpgNmMlBHNKlw4n5RsRaN6XGGF4fs4wnZ9zVOCmZiA3yk8Zvg0sz1D34NSNA5o3MW82j/hG2ZPrWzrbyJ29O8tZYMlMW/tNtVUYufUtk00K47G+a7pJeb6tv2jCN4z7r5jyDTz63kkfjnaf8QS2U222faLCKB3E/o1rObOWnD97CtaS/i3ML24HSp077C6+hQGkmftL
Sb1nu8G3jtsqk5usd6XkNHupjy5f1rvNmKXYqcyHProsbLtMEMcMfVdL91w0BYgMXIxCiEdYY6ftPgrjR6A0RlbZoPYgpo4PCe0orZjgFpm7GLaWd6jluSrFMaGqsEVabujNI0yyI2W89F0KHW/hdxTxt5q0EUCFc3C5I3bMCGR3nquy12iK2CFwaxdVWLmacqrYNieWrfecrsYsa3m+qX2/UsBX8OjiGTkqHIbWA9+6BJ6dAtUH7xlgOrKVkLOu1vQwVYrnrsm4x45cXc3p6qZt8Z4a2fA2A+dnvBsTGi26bjdjQs1pK1rSFqOLCPZEGCCAQtA4JPALaIPG4WHjuTux7NGA9cLH53RHk6G9Aio4Pjo6+gn4UWadQS9wMQT3Lg7dBexkLRl9TuMZrUDFOfg3CV1hWUZcq134Yc8YLsY+js6PQrjGwZKwjqFJVtx2jlfxeFFIXbZS/CKX08eTAC1Q6s3vjoa2Zgx1s+dM+sbAsJ2eORo7xlB4bMaa/aFTqxyyfnL6gUDqxAJ/6mEWB1Cl8bxDV9y0Ss6i7fY+rbgW2xG8xtOfrqkKAotNN8XgJfvvJnx5xHVW3q0PfBcuolDFMIhc/2CPWbkWGpapS4jZAkgl/3pyofd1O4knjE3jI5v8a/1Tfk6YhsYhpJBI+ZMqm3CEzTv4pNRh40K+Oxq2+MX+Ei1hSEgAZjDExAVqFFPQ2EIqOGmfvi20xvALUEP4ANTHN+13QPXdJwL+8brdBuodfNqOsLbbdExAJfHtH0BpdYd8Y5XBtJUCVNf34SMFCgOAHtUCOmSrvze0zguQxTl6WxP5qudbznWpjY2E/MlF3+hunTl3ifLszkw3hQeW6pGl0bzUetsJOnoIAY4ies7+2dZEDOe/Jqbu/NMaDdcMgvvAmn+QKCzTXmxZolis8XUwVTorgEILQgr+/pidP9WQAScC0u1zTxBb2PrQXq07hW5oUFL3tfPnBQiGlC25ynG4nhwmr/vTVGy1B2HJFlQljM280dXZOht2jbHWF6pyO21bG24mjyyb9JHW+OLq5bGAT/WhF/lQnFe2Cbw1zofCKhRIoMpgJMstvWvqdkdpHHouE0KJTTnarV0dmwoQrdbNTevm5uZm9afhUxg+RboGFzmaxbpyKfj5Z6CPLiX7KotKKDvFC6LYV855YFQzr7gUjia9lfJKvKcwdENqJCD6UBvajpG9J/Et8TBaUhSFCZQ1ubC6pjG2jdEwD+u6fpcLagq4bpR1jSzoYUi3NBTsSRsnMYkrHMVL0dTUrdHE7OrOlTmajFPIxIEogPqjrsaoT1/fL+ynJRQvPw4c+9NYz7MghHyXSYc/zNFAoBdjRJ84DRlUEtGz9O7ENOxPJXruCyg/GqY90fqObFSAMqtjLIE7a8aMo5hC270NYNaTOZrYumNrF/1sgEuMFi5+0u5dFLi3KED0ycpTNzaNgWZ+crSPmtHXLow+G46VY4FEYHluAGtbWl2trxeacLkc4+ge+RBfuN5dNJ0OIl+24zI6NkcfjZ5uOhda93p0eekMRj19IwLlHKxpu9rQyoQUI0jWN3ZM3TYN3dqERH9cRiEM6QYs+m/j0ZAp1Q1oejFOxHQdmt7EFLK7Ac0/EaUQb0DyT8O2dbMWhelS2GfH/5rmpmbr/EC9ueW/xtamxs6/xtZmBBexdwc3EuBcTLrX+nY6fsWIwm3EOL+ahq3vQtJ2dIKuIsaYQOFp9w0fhhTRJ/2RwpAkEz2xdGegDbUrvecYPX1oswWm/2brQys30TGBWCMEzcIMj9ETC2Zi6aajWZZxNczjyOnZmEAjJNQNPTiA1PVd6qZ9G0PL1oZd3RnottbTbG2Vak3Xv3AD1ghbd3GiPLWec6H1WQvTsa4naR8+IkzbjGJ6G8Whbw01m/dRbNEzLKZ+nNHEvhhNhj2HwSU9wkcviH04cAmF+BJHC4u6oe9iv3/BUem/dfuTHmOXZeumc2mOBg4jvqeZPad/sUo1kpi+j24c
5PTR9YA7SMWcfdQmfVtaC7LZwn1Ei3jRzw3bjAPYjWK5sgfab8ZgMnDYiNIBmRN+YppkSzvp/ho+JZ3fvSVK9e1HiKUUKMxiEblm4jCsPhZzoDbpRNAByv1JTeBbpqUorU06q+UrYL0tsBsuoXF2wFTO8BEZPU7eEjSGV/yQbFwaXWY0miNb7tbcBV2f9bPeHq9PLLKcxGEkzkMbEopypgm3o66LbTeZVOmpSx9+NMzRcMD0f87EKppZaxHnYuYlq2u3JlUjbFO7ipEgIfXhRw5X52/ciZCcWJfnI7WRsgSonZK9SnNTQlOeGV+48BPfiJCZddOxDtfaydipQWUqdmhVMSRzTFpnqe2GOTcjNeyTbrfO7pEFL1oInSJZm6WobmKt7GdXxlbBpeNwHdx+WcFlDl/2tSuro6piSGCrICVKvJTy2R0aqQ+qLn/i+KQtkz0if4mjWwhusRNCOkUBhbjoRh6M2E5wUc6WUEOg5BspicW+iPw4gERl+3nTb+VhctkLOUqNMbcbSHkEyfN8XEdsT4ktMu5PrjjPO0Dhqr9mV1rcg0Z3aDgXxtDpGSYTHLFLsK4CRKh4nUyjYbZKgsGTaEogFSSlXKw8jaO+0f0k9YrnBsiLlLo8rCSpk/ygLLhtotxi5M+gkn7OpQYrP8xe7kEUDDaTxUM1616GUcj5Cl68KOFIzgNcYWa0/f8enfRQsZ8WuUVhC95SLjhApSB0KVDVFF6sE3l2lInRzOgN7qGfyllAgBpQLMQZ87c5yXVp/YvJxWRoTxxT7+uapXcahwG5dTAMoEsgUDFQZXgtnYpiA8nI47fN9mkyH7UQJ+2tECdbIU45xJq8diOcRRiFszTZF0sOgS8xxE8giTbdxhTEhAEiSkCOH6WUQYHVniMCEGEdAoIWywASCtzlEkeuNwc0Ag8RvnMxO8yDtENESAwJeEB0HsUUMJUfQAqDJxCHiJkYQQAQzbr6zDMtcRymO4hElZ8uwGWZxH4EghCoZIcWtTO+VVY2yosQRRiSQrRNCmFyVLH1vj4emfbW84nAY8MALiNM/QO5LDYH+Oticgo42BDir43iwUfoOTxuVRvjL22Bj9Dj5SzjiNCOWLBomSzYMbgcmb9qZg9o3a4+tpPYWcIPjZ3Uta7tWLapawN2et/GmSCaEYdGDryHISVA0a6tZtfSm2XOywcapmjqetSiGLoLFM4UsOZFcZusoYybuv3+QXICLeYC5kJ8OaVwNZ44w8TOYoMpaF5yh5ZOeI985Do+RvcQO3IVFIdfkAy++q5gCLHLE6DDKFSvxpNcjFFuxzxMzt6EkQ+BH0O2Kj8OAHVnMlSVHtKzoKdU0cORw0jf6MvPOmzJQwyNFkGRjfwU9Ktmdz84tjHQRxP7IJdHURlLZQxpGvd6Uv8aGsUUFxaOR4Om33r3Tp1G2IOq2PHYhwcX++uWCjgIIW2i5f1pEy0dCQw64Dh7znN63CBoyreMETmAs40Aggr5Sw2nqucGgZquQAYmDpUbz41idEBVhV6olKB17T7bckZarxDeRkR1PYruIVDVLzGCFPiRdwcxk/DDFMyR+zM4aYPXbd6pBKupdOs5vVH3Wjcdyx6N+Rn1aEMJXU5edqmak+p5GPXi5Sgc42iBiBdfcN5lVSxr+hJt1TBS/Xi5T3epFt/aBU0g90FfUWSym2yaRA0dcD2sLhDGEU6UfQFKZCrUA7G9lae5uB5u0SgKSCu6hzhwn279llRZTTLfCirWoBoTiFV3BkPaJHPAz4Fbm4pB8Pwz1Y3pfPfuWB9+9BByC0byYuoKHbRre8/15mxz4YYp+9tC/4ZXF+D1yR5I4CObXIglHkkK0/HfjoR9AO/enr1mG1Ji/YnaJseLMHQYrw8A8GIcAPU3MJ7Y4CXPVZtHhJ6/ffOPtxL5LyHpONI4fSFoc3iBx2OHz5CHmyh6QbiUMUW2cGknJfAlUEd1MscHlA0j/Uul3iKuFcP6hiR0l2QecUdhhiT3dINI
FzvdCJBDuGZtsL10EYXZ8utxVZYu7UR7ySik/pveTVat0dc7dYcwoQzXH8A4XjaNzHxV3atEe+ZLt/N9D0aToS1cD6lS3b1zL4AudhZRHFJniaOlO+NRJWcauDOS0SP74o6hDLnA1hIJUTnHbTFf75jtAe1iSp5ISCCgUUYM6mqc/vgCXjZfgp9rwF+8ALcYund19iTvpIGAyog4abdrcW85GKwpiSIBhEtwXO61JuOvumnmdrFtG+fmDY+fiZLjUWEDXb/n1G3F6Rac7jY5eecVqlu3Mn/uLe/PdtjHdvdpoeWZI481Gzxaq4ODGaRjEVYeIs8YZ44ApvbETNloATvHuacL91EGczvH7dxz1Cl8WnYU6eR+mKMA8kI9xExG0Mgw8AN7XraXncahUMDE6gP1A1CSONo5EEd8no9/3modn71rnrw5bcrfrYWEE5ts6MGkhLuFQgrx1PXgL+4SqfciGNQ5aZ8cq+0TtX3MjsN/fAEqBi+bn9u/J0dQzfcxJIQ9kbcOGMmzSgkizw9CS4VJZeMXvmra9TWHa1ecWBaNlOdZD53G4SH6e1JQm64Tec5HS2VdpiQKZ7lcYTOiXD8VvIp/ZnBIVvSL/oWvhBkqGQUASxIAIkCuWP8VCCM6l/Wp6SiUXIUyjXEI2sX0J761A3UKyDyKAz9Z/47s3ZG9O7nenaR3oZVlfHSXUfN61sq6c8KIbT2UgOM2U9RtZlPNgeo9fgtRmYuMC1AIQXsNg1n3vN4S+JBCvEAhZO124rsgDNzClP3g9olbvcsoCnL2blG990ej68nY2Ydnjq1dFaZsp0Z97ULvd5QsttdMXJ9pKESVA1Q9t+OJS1eUYpRrHzJfvdoY+Po2ka7w9JW4wYSLNkOQIOQnBeCGvnA8BO4tDEguNJiMQARHcrEX/qClqrx3qIp82EJ1RIcNaDMEP9nnI5E7hAm38KsmWFgT8cqH1LIajQ1ARYcF19Yv0RQ0xajsvnURRZRQ7C4Zbdx5xMiqBxAWDT+XgCaAof8yxX5UGUgubJcIslBKi+g+UbXDyId9NnXFVOvNQr5Wv6WJ0fvJnrz95ZWoynb9vEixiQ0h9KGsY3J9/7tIT084EkslF7+nX/K0j9xxtxjKq6kQlhDpUiZwcc9st8XSxRAIoTSHuq1bzkfdtIzR8FxV2s12s62sgHLcPHnXbJdLnDZ7QK/T2CrNscMYXwbuTAF1T2tScItLtLRCeVA0t6DyfFkpNVhM/crgKTdW94Pem/TZmuuIpfZ+N0zFSFanJrT1fj+SjIF2pecGxj/vj4YXDXDxyXMp93QXlLlcbJGLm0v44HCyaqVeja9v0tmCbythct3WB9Rr4NPV4nS1NSnXMifdzaocspBG49BHvMIq6SZBs0qSrfPJDLwQylybvJC1XTOGHEDduZHn3uqO3beci9HItmxTG4+N4VVxo2CGSL7VFvDSBCasZK32z5egAblN9H8pWWIDT0v9paytzbEoAG5JsKiHLWVXFID2T60osDdNrmDcSRIs7l3cCtBtwrFW7p2qpuza2KQOqpCZ8e3iUpp/Teul+dcd5cx34enJ9K16+vrsrXp69o+36rvT6VR9/e6sDU/ewtdnr9tKyV/ClIZMnaqjwGE9yNoIbTx2jF794aZAyH4I64w+2TJrxeYvfynZTjzfJs3beqkX7e2tKnIuyqr2aCiFfnuLmhXgLpFM7DwH98cHdyj0z4Hw9R5Iw4CcH6iAceFceCXk4wMA5F/nB0mBsjxTcYd5hBF9OgebNLJMIGWny3Mgbj5otaoXG56fnr4+iEmBksSOSWfyQPgsz6VlC73zlD/5McryJEYgDCkSlRbNu7ekiaLW/XEuR3OxcBkvhIucX7mU14DsQ26BC7RZj3hGsv5VkKcyeaaqIXyk6hJHNOq4d0QtYCwAuq5IooixB9kum1s+q2yFhhRi4ekbRD48B0N4z2dJ/MhMXnnDphFOI+ELOvCikMJHynkr/5YTKme3POuS
0bVTICYnxxeB8MCLMYYhTT7XgSQaT2QbffMm9xdrgT2X//7rfo8F/5+Vzjh9B0NREFbYOOzRtc4OBv/zpDvnyN8qobvL5U7SuKsMbpW8/83ylqryTMjEo7zf53y36lfZ8A4+nW+v4/1mUU0prrJyrYTWAeXOnAXzitvUk6FtDPTErySKKqXUZjtkGi4imQ0xP6g5mK9HVytL+Sutf+D/ZTlfRprzpfrg+Oxt8+x18/jkXfP4jK0S6i2Bqvrc0f22DdQ/ALMHvqn565M3J2cpBplZxjbWLPTTaRzu5i0phYwUUHogfGj60GInOmPQs9iGb5tGlzuQ9jfeZDIJWviEnSQoRh4/+GR23Bq9soWEVM+kOmZrgxr7eLc2UoS2Au9u5yU1n0Oj67DJe87P5UopAsvTSLnfTnpOKb8pIzCGlm7aVcJ5TZY9cgba8KovC147jed9wOXd37kE4UbBhcbOSz8qaOHOoOphyCvy3EBNqrtkvYDyI4+87dXyFoWqj7Dy47ps4G4SjAJZ8+Qwinmk/jaic7CNNu7f30pGEgvAEJAl9NAUQR+gsBgCUPb0bAoCummvSTmZAta92bMDmdBU18PaV/X3LJeC4onbuxC+Tl3UNbldlsxHmfDbgbYG3ZP0FVXcJtSkaFHJshtqY+vDyE6uE6rrdYBmYxdTJOKqO1z6v0Azfj0yb7H7Vf/rmh23Vf4KR1MUwO33/O+BZ3dddDWeZMWtY3PEt1aR0Ft+vMrcQ+tmpkBibn553mU6rzLTsnAELSWfvlPFB9W9y2XjrHORVPBV94c6mJpbZdaCpbeBpADrasrWoth4JWwxMzUXpXlLulFIcRSMAzeE+fh/w9SZ4WHq/5oYpt5LnLTDUVo3zEuM6u1VEbnKn7s2Zqdw7dy1++DkfSZY8hynonAalRb7W4udtYbG8CrNKVodHIhbkZn+GbghmkJCewgXAlADbWhc6pbdM8xO+eS6kG1IURYapXasoweMRD9iGyh0ISaGdzCPFrDVSNPLWk3WWwlQLIhCw1bONiqSkYLkhK9RxJW79Cfr+Tz7sw7RjuA59Eym/9Fu1yNL68NqmuYCwELkD1RVLRtVeTtqu8mkigygG6UhL3WTkckbpWAu5aiRxlJqWtwojaSa/V+94c0u5nWlSWa3FF+prr9AIQdY11nZiKlAFIzMkl23trdNdl7GshxTqqzL7LzaBtf6pxvlgB1M1820+pilH0kXnRbTiHhuALHm+7mEo25/wkehTewRv6zEdLRer5AWmS9pZ22ZmSk0hJsiVX24DKIntvk0n9xFcJCvmydffxZDMnrvv8rcgsaGK3Ky2P/XmQIaG0ms78iC3g49iTt1vqc3Et8WxlS8H+h7MMvriXLI0yuKvgctnmUIi5fn7IU1lS6ta3SjMIQejUqCpXV5xeRQ79oj0+maOr+aQ+tbncYh/96AKVCebxQpGP6NwsT8/5Ab5RVInoqLkYpvkmubik+LlzUV3wkndg9hTuSTHvrLCIV0ggMBl/hzgmiGwuYCeTgi0ZRGYYBCnuV0o7y6SS9ckheHr8Wy4O/5OsjSpGoJucLucp7ccZQQnaCZsZfNBxT60QNphpBKHORLMEh72IUIL8Iwj+f87enpa4ls5gYB3MAR+b4ykMV3UdC6UVYKUDYpgI2vxaplIOmK4PDFtZc/wT2A9tFB7SWOd/AJYOKen7bfnclbHcPIh6RwuePrszficscopmv8bq6H2D4i1gEDbS7hQlz1uEsD9ky0SG5/7EyslmV3ulqr37lHmMZukHhxR5UHk/KT7rD0RKlZktf6p07jUPJor2E9yO++KS1x3bT3Q5gN+yGZoCLK7TtREeG2TQhDn7z/2lirmrjmW0dCVZUO3QV8/7WkR/fCwThQJUg37b2w3MGnCpJr/dNmHJkKZ6t7HAXIeyppcJ5+I3KUdpkKhkddckTbZgKnau/911ZeeZNWeSG3ClfdkVYtu+spzcZ4NZ70eIVq+f6Gxoj7pBqy
MH1kcU9+zcUNhbucn13u7ySvZst4Vb1tIS1jSBzTyYULafmDUp+I7lEM1BCI+LHwT4ElM8kaw49Gz9Ccnml81E2R73Ve9zBN8c0ZhBXz7w04bnNLQSZHA6XRtU0ndQ70+0530NuvUzBbxkkNfAuGFD/xjaFJ5onXSSnT1Wn8UniU8A9DKlLa22vYlFkxl2neddL31XgCRDHyK264onBW+DKlaiI1G7YYjVWu7KjJDlkzTQTgBTfzQ+8bJ6tSk5NNjixo+b75SWYB/K+ZBln7gxfoG1ku8fEUgd3v6E+KMTOdkkua4KMf8pr4tJjfjqLgDuUuQOHONQE0ZuY3oTD0eJpFGtQtX+AeEa6qwogCEi95DaUPXAroHBFA0QI2AblDy6UsQy+ovFL1wHHB2bvRPSSK+9W0hkmNgeq1iz6hDfO2HvfrdjtBThboT0B48gYEvvTt74LtG76agTu5xKxZT4sAhXd2pAVBj3872JCdGivhzu/bETaOdnmHggColnH1YTJeW1iXH32iOvLFgAWls0d/Yunt2Zm4Y+TeDZDvUrh+Sz5ERDMHZ6dHjEW134+Y93Fu9cGuEeIXL+TSmi1jqaoAW9bQ55fVlBfRzjL6MEfePCfc+ZH9wkZUU4RmDQzH1K1J364vaxJjKS6ao+oE7o6mwQegWzYPhJeRShFm6CxbsydWskXIYWQv2P5QM54cnKBHxv3CaWSOBgAR4EUYx0sK/bpQX3VjMIaXI8ccDZzuyDQnY1vvbfh6v123lFT95xBUROIhwndMqU5RCJXKVTl/qhDntcWlcZUj3zEunaGu98TFMslNLHsVVmSUNiv7Q0XYq3zZGXl1eSug+qz6Xce7HsR3JqS07BWgrItuVSB3XerF+7usD9UIZ0+8411FS0DIvFSqLMviLOtDzmNbCc9m3trUVs1uc92Y8rU+BJ7ZZWvCb1v6qsbitjY4KBXnVq7OzG2TvOjG/OT0hpbDvxHzt5odMvnalG0db8knuyuE5nPpuzIAUJkPGRJIOMqTc5PAgOvhupwCwWmXenOD2wtJPq8KlB+b2Q0VSt1jL6x97MPaxzHJP96XyaKeWdR9dV1vDpOLuc+BctxeyGK1fAp0OtZkqM2En8U86HwWs7rpstxKcuN/pnnDNP/PmCuhCuvq87KNceGTUUyXMc3uEwDqB5BeJsC3NVUNI/F1hcqPClDVhfuoMvsGvPlLbhk4yYnMUfGotubCgJCPTPN9TDqHuTsHlven7GFSO9vIhrv3VQag1QKKkrvQIL3MQPShiDsDc5T8vXOYe12g6mxnqs6+maqzzVSdlaiSIHjWaRwal1bnFfgpTcTINf/84+8r5QjUFA2lCOoLgmRpoc+vGlO5R19Fy07WDNCoWO+t1JZGJyXexRS2OoR1X9a9Ojj4QR9d/r8AAAD//2OpGGpAhQAA -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line105.sh 
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line127.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line127.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line134.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line315.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line315.sh rename to pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line329.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SecureTLSBoostrapping/line329.sh rename to pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line84.sh 
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line98.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/CustomData b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/CustomData index c0b4743dbeb..82935128686 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line112.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line156.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line163.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line315.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line300.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line315.sh rename to pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line300.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line329.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line314.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+SecureTLSBootstrapping+CustomAADResource/line329.sh rename to pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line314.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line40.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line40.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line40.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line77.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line77.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line77.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line84.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line84.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line84.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line91.sh
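Review bot: `clusterIP` is taken straight from an IMDS tag value and written into /etc/hosts (and used as a `grep -q` pattern) without any validation, so anyone who can set tags on the VM can point the API server FQDN at an arbitrary address; kubelet's TLS verification limits what that buys an attacker, but it is at least a denial of service, and the unquoted `[ -z $clusterIP ]` will throw a syntax error instead of skipping if the value ever contains whitespace. Since `cut -d":" -f2` would also truncate an IPv6 value at its first colon, the script only works for IPv4 literals anyway, so check for exactly that before use: `if ! [[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then sleep "${SLEEP_SECONDS}"; continue; fi`. If this file is a generated snapshot, the change belongs in the source artifact it is rendered from.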
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line98.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/CustomData index e772f3e36b8..8dd7a87a100 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/CustomData +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/CustomData 
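Review bot: The bind-mount guard `mount | grep "/var/lib/kubelet" | wc -l` matches any mount line that merely contains that string (for example something already mounted beneath /var/lib/kubelet), not a mount on the directory itself, so it can skip the bind mount, and the following `mount --make-shared /var/lib/kubelet` is then likely to fail because the path is not a mount point. `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` tests exactly the intended condition and drops the nested-quote construction. This unit is a copy of kubelet.service; if it is rendered from a template, the change belongs there.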
@@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + H4sIAAAAAAAC/+x9f3fbNrLo31efYsqwsZSGlO109/a5VW5VWUn1Yks6kpzuvsTVoUhIYk2RKgDKdhR+93cA8AdIgpJsp9vunrt7TtIIwGB+YWYwGIDPvmrOXL85s8iyVut0puPu6H2v0532+tPJ5bDVDNa0aX0KMWragU8t10eYNG3bWOPg7t4kCG9cG5muz8cOOu+6k0OHBvYNonxkvzftDPpvem+n571RS2siajdt3236iJqOxtt/6vXjRgaVNc5cX6s9mwzOB7AOPQ/o0iUQhBSCOdjBah34iPrE/I0EPtAg+B8O5nzwS/9i0D4fF4A5wa3vBZZDtFpn1OtMLtKeckfs2tRT9M2QCwlueoFteQK9zqA/aff63dG5euaELY4MdHTV7yi749C35Y7vvhsr+92EM4R9RBEp9h6Oeu/bk+502O68a7/tjqeddufn7p6hzTV2NxZFxtqyb6wFimGNum9748non9NRdzhoaQEhjGYLu4hIYLTa1U9X/cnVdNS96LbH3ZZe98hsipGHLILAwGCQRm0wbul1dw4eAS78F0bS4eQ1NB20afpMxKevn598D3SJfCABpmx0oftnWFi3N3C0sqi9rOvHL6H5a713Pr3oveu26naAUUAan3vnrbr5otHQmy/BasAW1tj1KdAgXK8RrlsfTq/B+vDquvE9oDuXQnT0PczdRm3c7VyNutPJxXj602AwGU9G7eH03dVP3YvuZNr9R7czHV5cvWXKUFYesRCoR2ZBQAnF1lo7HN777mjcG/Rb2ubYPDGPDctbLy3zVKtNuhfd4WA0Od8xM0UeWgeYOnnN7Z53+5Ne+2I6HA3e9867I7XKIwf51LW8NQ42roPwPiDZWthYuOm5M64MHpJhGQkwBQE71tLlcNDv9ifj6ZveRXfYnvycY2285n0q1rxWu2z3p+c/TdtXk8H0anjO9P7NRfutPDpBcWX5hjNrWiENjHDtWBRptc7V6GI6uJoMryatJl2tm3aIvekG4VlAkBmENNHswXjab192W5r4N5t4xNZ81hD/oNU6w6tpe9T5uaVpNQfZnoURGBb80h5fjn/uXQ575+NWvSE3jYe9PtOIpKlGEO0Mr9rYXtYbsK0BAKRQ9foibW3UoloNo1WwQZeWfz5rhzS44qS98azFG9dD6Xi8AmMO+j5+MYA2RhbdC5AGob08EKCHLD9cd1JLeO4xUCSHHJ6DXmVKGRDXJ9TyvAzILy5ddlJ9+L8k8FN4AWnp27zkIt7gzuHDBzA+gabnTZYG19fC6vB+KZDBOJJ+YJpB3MBvaXaIMfKpxhuRR5CyV4pEPEsk+s9d/hf/I3MPQ2F5W3r9t99BM4eJIQZNVywLDT4D7/fhGj4DQR6yad30rRWCVgs+ahncj1pDa8Dnz8LM6d3RaCrxObY6017/ffuid85xij1H0sZ1MuaeSy4tzMAOcJutyAvXD+9A44zS4Plzxl5N3/bG03ftSTvSGDIaxSGqYnCyjlj3vKxiLomlGnPjveAsYXOUOBcxVm0DkvydyCHmOv/jWaY/RwQ2CTgLY+seXALobo1sihygASytDYLA9+4h8BEgD62QT00BpjcHl8LSIrAKMAK6tHy510u4RXDreh7EassoB88iNOkBrs9/4zObknLq22dF/n/48ToCY0HhpMxEZC8D0H5pj/q9/tszSZ0g9uRFIitxNqEncHX9xR50c2q8B230Oxwz7dO3pfbj64jrxw/jd73ha62KuF7/zeAQypj4XLpEGNBqTe8hwBzluYtlOgiI6UwY37jrNSNWAh2Ly6Ju4MdkcgOFaIh9OJbp7r0Zt/Sjj/4Rj1OQU1DRVl2viwDmPfzwww+agv4X15HWEEsr9AmiDCT/F6dnStxPqKVvnynBM+byvoz39Xo2wjhpNMDwKBzD9TVbk
UyMU9d30F2LC0L6d2kgh7jOzdTSt2oE9G0GKYqRyTh5af0W4EvXD/CQhWnvU5NYF0LV87Mwc2aHFAzHAGN+0tAK4H4O6Bv37kFQCBjz0xgQ01Fh9vdhqME1Y9KHg7oy5WVBq3JQDuVcX6WWu/7G8lxHVsZYv8+gSGY29FCTHuusFyzIlAZTtGE+E7T2u7HZGXfNonMdhT51Vyj5fUwt37G8wEeZ+dQYypWtINtnNfuiXJ8ct2KLnTAGKtADA8pkQwv0bZ5fkVarjCAuLd+dI0Jz8QOPSCVJJJ5E0qU5aCz26b3pjieSUy7KdiekvIpLYQOLAAwMZtZoImeBlFM2Mm3gmCmCDq57J9+Zx9+WEdyHw5GMxNr1feSY2sl3x99qR/vQiXUuFx1Vu6t4ZvADCvMg9JkthlUsnZfgoLkVepT7JuaasWMHDsNFVm+JkDXTNJmc2GCUad1neqYYbdwHQtlld/KoKU1HsctOO5Pi9wgbI5kYBUm7zUyvP560Ly6mk95ld3A1+fPNTJ5refOSMunJpqVyPk1lY2JwqWU5YF62Exz1u5PuODdv+edIk+IvTd/2u93zsSShSIOvqqPvGIHLYHYPxXBOmDflroOHFL/9DkfpBkW5AZH2H1rjCH4AFTSQ8j5KfY2nKGxnmDoSSph9UEGVwrYD9oy1//ovEdzJPNg5uxMgwq0UR2MPFnt9jqQ0fURvA3wz9MKFm/kiSbyTXwajd3EOhVl10HhWpFq4fIvW6fdy8o0x6vfgGUZzhJFvI1jzSYkJlwGh3j3MAww34Qz5iMIspOAFwXpm2TdxRxZGhwQ5MLuXbTjTYdnbwWl+e19MzsJzYPQn2aZOmjwaxrmjLP2xK5V1Nbpge+19fc5auRVj+HDAoEjBXRuj1EhO5wGeBtgirdQ57APJXMUCozUYwRCONh+db+ofzY/ON40XR3wlOXBEmr9umk32zyWyHIbqSSMRohyhMESSPNs0xF5LP81TqJe6lMnZy9sykBwuqxvHxWCsQd+XcBT9szTocDRg6yWzWVnCedwdve+OmFgf0F0p4QeMVwk747RQzYwPidoyhmRq8MAZm/q2lGiPRLbTsGxsKBKqZxt9q1TByPBcP7wz9G2SLYy0nVKevP1//BTngHXw7NmLZqTBM7giCGYWWcIsdFk8Bs/kXTK+t1fOdIHolFp4ZnnedI6D1RSjhUsovp/eunTJcYWT02P4277Vct4bNfUdmPNMz8GyibR8Gmwwao+nw6uLiykTwZt276K44c/p+R/MwUOsxz5+gGmasN8A1aqk9aWksheFQj5yV285vhQ8yvwEJI4CEoEjB0ho24iQeeh597mgrNq97AtYSyPNap+lQXWbyJxbGIy7T/OD2LzdwedIA6NzgNXNGekKTY2PZGKDYS+DWx+MEeAgoGfsj8PGrTZ7fSrrvNu+afvmalYNjHFfBQ7899/+9jQwSdCynxo5hBkjO8RocjH+KTkBfCdOxrp3yC5EdsKziICKO29tSemanDWbN9+R+LCTmDMvmJl2gJF56/pOcEtMH9GmdUMM6hEjPWg0bM9FPm3q24ceOEZN7jWa1sr5+7dNFVDZp+p1l7RHl3//tsHCfEVC+q9DD17tpKccvjzq6LcmEZ16nbVFl8wnPApiVIF0tj37SmzQVLOWt/6pnXfn07nleiFG8IpZ+b8fg80CQmM+vgAjqASY/h5ir+BBU7QPJlS25pWW5lFs0ySYzAIYo9gIPAHa3GWL+9YiK35g2WU7vuosIes3nbse4uLXtyeR1I8s3VWaj9K3p3JbEsiRcD5371r69lVxJPdOiVxadU3f/nj2baQ1QN4O8NKMe0XSaytPzqIgoBhMMOIsFdvssR5sLxt3zs334cfrSPsenCCfaYy1cFvFgUiqfTEYUEPAjgx9m0eV/ZLnQaTOVMZh2QkUk4xO4CMpQmChDMMFGC4k3qkzMh+C7YuD8KzJ50OgzjNbZDVmTK03ZM1Jlxn7JxVqEatMc
lSU34ZtTyOQPYfITyTIkVgtXnG1SE88GdVJblXItziuLN5qvSNr19dAI567WFKtkVOID6DpuZTlsfmdeazYUrH/lYB/06prt7dEghmLtpCN5ULjW9062lhenKQ5j6Gw0DI7actt5DPAaXxWlhDoJankUqPJ7KBtMlor1wzkdfPWYnZzK1eCpMd4/xFiEmf1CrYOEV65RBzWKjh8EDMzXsopI9Uie5R9VqpY3kwXTPi/zEhD6vrznih/DJCjjvFRhqeBZmxOtF3mXZF/lSwig87NIgHLw8hy7uU0bBUaL0URhB9QmKF03bn+onS2ngvJ/mUZoq/A+AQPS9hUZYjSFAePfB+YBMoVVjrIJZ41I00l+88KirIr5yMw4xKJpb74NKWrdatSYOo5y3OY1MLm4lPtabmfbRm1SAN9K/MyqsrZSOczzKKmmPDt9ac7FpqUwYsdcxX1KQy+jz2ER2mgkJeJWGoPAlCMNDYn0hJZiVBLQc+uZfTwuO6gvcJGbBYOpq466lOzKcReJQw24vT18xNmHRECXSrghNdZEXGSYO+C9mudIX5mvmh8rn9A3WuMzRcNndeq1W2L5kE8fy6p2rvR1XjC9gjFVFQDnqcck535N626/lUj56cO8Yh/wIaiyhu9+hJbhkfqlpyX+TK6k+N0ckq8dv134Qw9PdQ+NNJ+dPgmMYHFazfhDH2hwDZhwr5oVp42F4Qp41a5TPlJcausCSUESyrAkDQ2p+r4Ty1uFYkHxH15KXzR2C87Vd+FWyXtFfUcFd33RGilaf83SntElJZwUSmzLxKk5VMrJalFu1dKKSiLDejjYjKtEJRpD43KDg9hoFQj/8io5AHLS6uyitVD/jJRiGyW4wgkc4cDbGXxBZeS4gIQk7985Sft2/3HZNTuTLqiMzOcoACUc5i8KbnKxO1kIcleQqIm5e2kCnSGeepZdBmsaZoSjpPLYUvfljDip63Vh607Dz9LKDbjCcSZm2I21SYlbe+ORoNROXu/Zxa1xWebf9g9tFCgZKrK+FQIyqb98MmEi4knIaETyPuvPSSyrVhZz5rZ8ZsKhFy/V60jSZlT4TjY5OfB6vCqEIaLGODkzIiKFSX8GKScLWNQQcOIhB5t6VtuJaVWhrAuWmug9qoZYZoc4yRVXCmC2WLanhj6WamsSmD8vt+dTFmbON0YJ+v0zNBVTaULUqpOlXc0VJ3BFWpIEDWhe+dSFlGYlTEFL7Ho99KSCn2rAvqUdV1iVFPfSjPypa1kTaFaQQKTnmflythcm3qptJ65c9BP+O2U1ZrevwRq3SB+rly6gxyBRZJKZ9hYXohMGNAlwrcuQfG4E9aHLpFor8lh/7mLhcqqgUcF5ZGGiTsoctQr7kFPFp8mq7XQZs75PJP5bUnmXeEkdseaDLWpb2UwnL/ljE4RVYmjaflFjqEVVyE51uJaXnp1pS7mB8NIrMRpzj/HxXZxr6RPs7k4auSLL/OA48raytWQmqTiOH5vXUyWxOipoTKBJBeScnSzMdTCC0QzU6eoBv7afBGZx4oLiTF/uZJ3L4ctTSBgbFItSQ7OK9N8WuEAIfZgCiVrpkCT+aKKkwWpvqKsqrmegqdrjAzbspfISTiY3hQ4q+Ccpjw7VB1ciCmufLZ35TfCxAyuT4MMw3ypS5Jq/HS3eQgvmM8rAiwchmcn4Xq+Y6ynin30jo7iCDtZlZPknnihFiUfzAkeZde203ju9CGVIIotY+pe9G0+fKpYSAnazDbB2sLWClGEedKhgiK2keKasXA3SHmFISNLDoDKNxo5liUeVKKa3sDP3WR5AhaZod75AMB+i7zdOT7K3g5gJqFMMN/85aTVVPbL4Eibw201rZFk4avU8vGa1rkajbr9Saa69UxAe7xBWZKbzCOI4HDSHr3tZsDjI9QEZYJWG4Q7wWptYe7p87icGdqxeWweaxFTsBykSJ3mEU7Ek5wFlJEszROxmGPBL/Njcdu3HmBAv4eWBzRoJE5lZhEkA
SkgVPZKBVmZCpdTtTZ3qSI3A6Xp8ycyX0KTqx6jOEh/kztPXH1V6cwvDD42Bamv3E0/W1AE0XDd6ffOXUwUGwbpmZ2qQk9FH6mcKteqAJ698bMTfqlb5snyrVEtCwOlLZC8ka64p/T5M3x10E0l3zXi6y9PuKqUXmn0A5AgQvZiCawxIsinMI8zHPw+TXyZEfhtxnThsJjvxPzWPDFhsnQJkGUQeg4gjNkK3iCfhpbn3Wuw8/w1y+mVt4hNjOa27yYBHqS1mpZNjJXLJjJ5lS5yFoiXaEpUNTccuSwZKrXFQSSvJjVEP5OyGWKlz5/TijLoA/Djhc4Fxawq1H9mebfWPYHfQkIhJAhulxa/+e+5hCJ+sbTwkAyQAG4ROIF/RMW7DzQAcu/b4mUG23e/8OscGb9Uz3P0e8pL3PELFv0eT/EwVDFiagA28zPWLAipeCFrFlK4tfz4HQuMGA/U72jcLl17CRj9HroYEXDj9y1UD6jAH/iCSmznDng75U95g6TqQZTqt0lShTnoUZJ4edtLy19w1YsP3v7dXgR5zJMEpdcmVM+E1A6IBjNbyK1JbyQu5ihME14x06R4JSAJZA4HJaxcBSj5DCNeN86ONFQ8j2rD/IztJWwPWZhpx4pZNOSLtX4rPMMGYVha6zXyTbAICVcIXEoAI8+KzQAXoOtzQ7FBcGFRRCi8//k88S7C7i0RhD618EsIPAfhUiNdfDJBDsuU1jtPUfNFznhD1bsAzLQlviueN0mTzBhan9z1Orl0WngITKF+FVY08RL7Qp9sd1JKwD45TSmrVS4H+TXzlVGas6h9Ad15lIjKEspnfvZmUpU5nz3XrBI+m8XMd3alKnejWZZm8WLVXgRVAcUDVAPdUWzZ9F04Qz/FUVDhAOHmO9mbxdUqcVM4Q8l5rDiIPpWbXTKNn2OMW19pBbjpYd3UcXFL07/VaoUe8eEqzwWwuKOlbwuzinyubFjz8zLryrxmWZQSfOandz86yRRNhVCk1dS6JfeuUqR4XyzSgYlby4/M0oP704C1h8DlMOOSiVgLmOek+XI9PIf844bJE4nGC1WDTT3jRXnRFThdEv0O5qbLPzssKg+XJeCSUXzCf4U9Loe8vpRqhKU0HaLIpkW1fgllGC/BImkRBvBOnJEsQuVlCDQQL71amLpzxloxOC/D/WzJHic1/MBBB2S2H1/EmtfXMs0HXzp+1FJInZ5WAT5Popz0ljVt/x7yYWTK79aWLn19CUJVE1SSGv9nstS5ozAotnwyD/CqpZHP5ovPzw2BRxKhf9bAMMgyuM16Isdgy4swN7NRIP4xndEwCMXu2sgCldYr5nPyax+kt3iZnsqGorLNpl6Z11LqqFZgb4W5yRML1+JpoeoxzHaVxhT3Hjtxyp8CKNzN3GLBdzm9u1JpiXS6EccP8VXbd4LAtu+w/xri4O4+i9yuxpPBJb/9x7x5e/TP8jMi5S7y4yGJp9sFQtVHhiGsZkjYvipmAbOFZ6AemsuRvgQ7JDRYJQP2UBTl3qGZxofLU3c+5eXH/qLFfHytXG23D65aTI9ye7UD48Nq+ZqKcEwDxY/qh5QOIZfrZvGBHRU/s47Iy3F0r2hVRYt/GkP2Y8sVp7yuhUmvNDqqd6wKxkertD4Vg4uvH8Wn9tVC0qqD2y9cdpoPlM5FoJQ+DgBrHPDTujTccQl0WPj5qLhIOPEnVLgqH6MpxFJnG6UcdpW4Jv/LP2Y/6V4O+f7zzWhwmU7a0vhD3Mr37aEE8c9bIDKfY8cluLePwKiWo4J/3eAMxCvePMNiB77j8lp9e4nsGwh8KDgSCHwbwWiYZAxdnuhBFkFOPjpnBqhejy91qAlJni3UTI0/XAivW3Dy340GT6TGTygVpq+4nP0nG6wikgWLXRkRJqeLDzM6Fd21XeB2GMCK7lpNOh6zvrmrcK4VrrX2FK8MzWWwQs3l/Rph9qORLkN4zmIuZo3Se029lbXIHjnsXPSmk8EgLSTJDE7vs
v22K2pMTqVIiMFKcszuSuy5FYMiECGTvk1myF0TkH4WB3sUaw9wqWxehohNsameXgNNVYp+Cid8l2RTtqvg+4O1ZSO2SzXdICaIG29dAZUfjMW3rqi7Qg7/vknCkZ3c2LgWcCJzBeNS2r0zYf3fiv1gUjaeC01KPBOFU49hGx/5SM6Jcqs/jEcxUZVsEsVTVZySjMheLjyOfiewbxD+w+gX4Av0nw8677pV6iG2VRhRa/H0NT7qTtpv5Z9fSUufz7FgZMxxsKqigpfhFeB8EWuwc81Sa6EUB+gFVB63pJIiw0fNlau24drzGDiSnC87Iy5h8ibAnaXrW+UXSKXA8arP9CU+W5Xeei1TaXleCrpV1+u7OC5O6JN7M0e/rmxsrlwbBySYU9MOVvxJTP7xn634nI9+Eh01FAu1OKvMI3LYBIRiaAHh88zr2tfk7GuivQT95CXop40IYgwIxSkKufpBTd/KWMS8qqwZZjZBHNTNXd+BlZ1iOw8wcBHtqpxnnVa2WKT8wl9u8g8/Xn+jlX6KtKh4+zvTg1YaNSZgo7hEzkD8gdIy79gv1icmUNtPC+aerkEpanlTFC9pGT99myMh2pnqLMNL7ORBIOWHh9Kv8DzdWGasSo0a51CCW4k7udWPV8rFX14fse3BK7d6gDAO/OM9V2uhNIUjLlFBGKuLIA3drQNM5RYBK/RtsaUR3wIS4EZhVuopP2CveMlaquGo3LCXuVZpe9OBHA9+d5fFwyi7MpCairy50c40/TQ6Su/2bbrJBqkQ0+uflT+bH46N/3P9TUWrof55mj4ZrG8lzkbiVv4R+/9HX1pvSpWvIvcQe1w0uX998nedcyi4kPcPhjEP8MqicLTdmiO0DohLA3wfRWfbrTmxFtFfnQMS9WKlsrhvagcOaun/UzDLetoGX7X4V2NU53w8bkx71nIZBrH0ilytviQjvXarGvUZbpeuhwAjyxESyXmpJxuLzAeUTXYueouxi8rJPNXaqgQp+ZUKeJK4cg8vSG2RbF2NecmOVl6U5vcA2CaDl6EYdnlkZuTTbEzB2otAoO5YFDVe6vVlQCgzGI2XQKiFaUc5WmQuZO8BGk8k8E+DansAI9+pAJt9UG7E9w7IKWCbamRcS965GFwlH0MQ9SMsvO14QehUJI//vXyQCGPTwOvoT/cKD0HoX2WnD8VJwuc/zLIl4fJfx6YpKgBJ6Ztsib3iO5zi8i3HqXk8JRMmLGfZt8qtycot2FqFWS31KPNIZbATS6huUxnQnNUudRGp2CLpTu7DmqM9H9YMNghj10Hx50c6gT93F9nWRVzFkL6nyj/czLgv/jTt+cJ0mt8dT/l1gamPWIjAYLAWTf5W6LYALL5pbFH44Yfu4A28fq3o4ljUIkGIbXTGu3MVOMs2+uu1d88mZbjHE5/Fqf/u4A0j8Bn7+/8HAAD//+WFrxMDewAA - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line105.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line105.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line112.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line112.sh 
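Review bot: With no `Type=` the MIG unit runs as `Type=simple`, and the script it starts exits 1 on an unrecognised `${GPU_INSTANCE_PROFILE}` (see mig-partition.sh later in this change), which `Restart=on-failure` turns into a restart loop rather than a single visible failure; `Type=oneshot` (with `RemainAfterExit=yes` if other units need to order after it) matches a run-once partitioning script. The unit also does not define `GPU_INSTANCE_PROFILE`, so it presumably arrives via a drop-in or environment file; a comment naming the source, e.g. `# GPU_INSTANCE_PROFILE is supplied by provisioning via a drop-in`, would save the next reader a search. Enabling MIG mode with `nvidia-smi -mig 1` ordinarily only takes effect after a GPU reset, so if that is handled elsewhere it is worth saying so here.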
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line119.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
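Review bot: None of the `nvidia-smi mig -cgi` results are checked and the script has no `set -e`, so the closing `nvidia-smi mig -cci` runs, and the script exits 0 towards systemd, even when instance creation failed. Adding `set -o errexit` after the shebang (or `|| exit 1` on each `-cgi` line and on the final `-cci`) makes the failure surface instead of leaving the GPU half-partitioned with a green unit. The `*)` branch would also be more useful if it reported what it rejected, `echo "not a valid GPU instance profile: ${MIG_PROFILE}" >&2`, since an empty argument lands there too.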
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line120.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line120.sh
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line127.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line127.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line127.sh 
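Review bot: `golden_timestamp` is read from a Node annotation and spliced unescaped into the `sed -i` replacement that rewrites /etc/apt/sources.list, so any principal able to set annotations on the Node object (which can include the node's own kubelet credential under NodeRestriction, and anything with patch on nodes) can inject sed replacement syntax such as `&` or `\n` and thereby append arbitrary apt source lines, including a `[trusted=yes]` entry that bypasses signature checking, which the following `apt_get_update` and `unattended_upgrade` then consume as root. The second `sed` already spells out the expected shape, so validate before the first one: `[[ "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]] || { echo "invalid golden timestamp: ${golden_timestamp}" >&2; exit 1; }`. `apt_get_update` comes from the sourced provision_source_distro.sh, which is not visible here, so its failure semantics are assumed. If this file is a generated snapshot, the change belongs in the source artifact it is rendered from.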
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line134.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line134.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line141.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 
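Review bot: A timer unit is conventionally pulled in through `WantedBy=timers.target` rather than `multi-user.target`; the latter works but reads as a service and is easy to overlook when auditing what runs on a schedule, which matters for a job that rewrites apt sources and runs unattended-upgrade as root every ten minutes. Change the `[Install]` line to `WantedBy=timers.target`. The companion service unit on this line has no `[Install]` section, which is consistent with being timer-activated, but a one-line comment there, `# activated by snapshot-update.timer`, would make the pairing explicit.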
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line142.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line149.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line149.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line149.sh
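Review bot: `chmod a+w "${KUBELET_DIR}"` makes /var/lib/kubelet world-writable with no sticky bit, so any local user, or any container process that reaches the host filesystem, can create, rename or delete entries in the directory that holds the kubelet's kubeconfig, PKI and pod volumes; nothing in the script explains why a non-root writer is needed, and the `#` comment line above the constants is empty. If a specific non-root consumer genuinely needs write access, grant it by ownership or group on the specific subdirectory and replace the empty `#` with a comment naming that consumer; otherwise drop the `chmod` line. Separately, the first-boot branch does `mv "$KUBELET_DIR" "$MOUNT_POINT"` without checking that `${KUBELET_MOUNT_POINT}` is absent, and if it already exists `mv` nests the directory inside it and the bind mount then exposes the wrong tree; `mv -T "$KUBELET_DIR" "$KUBELET_MOUNT_POINT"` fails loudly under `set -o errexit` in that case instead.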
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line156.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line156.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line163.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line163.sh +++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line163.sh 
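Review bot: `After=network-online.target` only orders the dhcpv6 unit; without a matching `Wants=network-online.target` the target is not pulled into the transaction, so on a boot where nothing else wants it the script can run before the network is up — the kubelet unit elsewhere in this change pairs `Wants=` with `After=` for exactly this reason. Add `Wants=network-online.target` under `[Unit]`. The bind-mount unit in the preceding hunk combines `Type=oneshot` with `Restart=on-failure`, and each retry re-runs `mount --bind` unconditionally (the sentinel only guards the `mv`), so if restarts are wanted a comment on why a stacked bind mount is acceptable would help.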
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line170.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line170.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
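Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, which treats each line as a separate fixed-string pattern, so the idempotency check succeeds, and the block is never appended, as soon as any single line (such as a pre-existing `iface eth0 inet6 auto`) is present in the file. Keying the check on one distinctive line is more honest about what is tested: `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`. `sudo` is redundant (and an extra dependency) when the script is launched from the root systemd unit in the preceding hunk, and `eth0` is hard-coded in four places, which deserves at least a comment stating the assumption.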
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line208.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line215.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line215.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line215.sh
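Review bot: `Restart=on-failure` with `RestartSec=2` is being used as a polling loop for the script's `exit 1` while the CNI config or bridge is not up yet (visible in the next hunk), but systemd's default start rate limit of 5 starts per 10 s is exhausted by a 2 s cadence in roughly ten seconds, after which the unit is left failed and the dedup rules are never installed on a slow boot; `StartLimitIntervalSec=0` under `[Unit]` disables the limit if retry-until-ready is the intent. The unit also has no `[Install]` section, so it must be started explicitly by provisioning rather than enabled; a comment such as `# started explicitly during provisioning; intentionally has no [Install]` would make that deliberate.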
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line222.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line307.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line300.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line307.sh
rename to pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line300.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line321.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line314.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+SecurityProfile/line321.sh
rename to pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line314.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line40.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line40.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line77.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line77.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line84.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line84.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line91.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line91.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line91.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line98.sh b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line98.sh
+++ b/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/CustomData b/pkg/agent/testdata/AzureLinuxV2+Kata/CustomData
index a8ebea123d7..7282fd37fb7 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/CustomData
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/CustomData
@@ -36,7 +36,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-
+ 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
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line103.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line103.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line103.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line110.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line110.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line110.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line117.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line117.sh +++ /dev/null 
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line118.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line125.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line125.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line125.sh
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line132.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line132.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line132.sh 
@@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line139.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line139.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line146.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line146.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line146.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line153.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line153.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line160.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line160.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line160.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line167.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line205.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line212.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line212.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line212.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line219.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line219.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line307.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line297.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line307.sh
rename to pkg/agent/testdata/AzureLinuxV2+Kata/line297.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line321.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line311.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+SerializeImagePulls/line321.sh
rename to pkg/agent/testdata/AzureLinuxV2+Kata/line311.sh
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line39.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line39.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line75.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line75.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line82.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line82.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line82.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line82.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line89.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line89.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AzureLinuxV2+Kata/line89.sh
+++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line89.sh
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line96.sh b/pkg/agent/testdata/AzureLinuxV2+Kata/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AzureLinuxV2+Kata/line96.sh +++ b/pkg/agent/testdata/AzureLinuxV2+Kata/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/CustomData b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/CustomData index a8ebea123d7..7282fd37fb7 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/CustomData +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line103.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line103.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line110.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line110.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line110.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line117.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line117.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
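Review bot: None of the `nvidia-smi mig -cgi` calls in the `case` arms is checked, so a failed GPU-instance creation is silently followed by `nvidia-smi mig -cci`, and the script's exit status — all that the unit's `Restart=on-failure` in the preceding hunk can see — is only that of the final `-cci`; add `set -euo pipefail` after the shebang (or `|| exit 1` on each arm) so a partial partition fails the unit instead of leaving fewer instances than the profile asks for. A one-line header comment listing the accepted profile strings (`MIG1g`, `MIG2g`, `MIG3g`, `MIG4g`, `MIG7g`) would also help, since the `not a valid GPU instance profile` message does not name them. As with the rest of testdata this is a generated snapshot; change the source template.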
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line118.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
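Review bot: `${node_name}` and `${golden_timestamp}` are expanded unquoted in the `kubectl get node` and `kubectl annotate` commands, and the annotation value is read back from the Node object rather than produced by this script, so a value containing whitespace or glob characters is word-split into extra kubectl arguments; quote both, e.g. `$KUBECTL annotate --overwrite node "${node_name}" "kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}"`. `dnf_update` comes from the sourced provision_source_distro.sh, which is not in this diff, so a one-line comment stating that it must return non-zero on failure (the `if ! dnf_update` branch depends on that) would help the next reader. The kubeconfig wait is capped at 100×3 s; the timer unit later in this diff appears to fire the script every 10 minutes, so a comment noting that a timeout is simply retried on the next tick would explain the small bound. Testdata snapshot — fix the template.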
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line125.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line125.sh index 562b4e87d4f..80e54eeb701 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line125.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line125.sh 
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line132.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line132.sh 
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line132.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Package Update Service
+Description=Runs package update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line139.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line139.sh
index f73ba22284e..4d6cb87b4cd 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line139.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line139.sh
@@ -1,9 +1,24 @@
-[Unit]
-Description=Runs package update script periodically
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
+#
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line146.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line146.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line146.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line146.sh
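Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of bind-mount.sh makes /var/lib/kubelet world-writable with no sticky bit, so any local account could create, rename or unlink entries directly under the kubelet state directory — elsewhere in this diff the kubelet kubeconfig (`/var/lib/kubelet/kubeconfig`) and the credential-provider binary directory (`CREDENTIAL_PROVIDER_BIN_DIR`) live there, and renaming a root-owned entry only requires write permission on the parent; keep the original mode after the bind mount, or grant the narrowest permission the actual consumer needs (a group, or `chmod 1777` if world access is genuinely required) and record the reason in a comment on that line. Whether any non-root consumer of this directory exists on the image is not visible here, so confirm before tightening. This is a generated testdata fixture; apply the change to the template it is rendered from.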
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line153.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line153.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line160.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line160.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line160.sh 
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line167.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line167.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line167.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
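Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` hands a three-line string to `grep -qxF`, and grep treats each newline-separated line of the pattern as a separate fixed string, so the block counts as already present as soon as any one of its lines (for example a pre-existing `iface eth0 inet6 auto`) exactly matches a line of the config, and the `up dhclient …` lines are then never appended; test for a distinctive single line instead, e.g. `grep -qF -- "dhclient -1 -6 -cf" "${CLOUD_INIT_CFG}"`, or compare the whole block. The interface name `eth0` is hard-coded in the heredoc and in the `ifdown`/`ifup` pair, and `sudo` is redundant if the oneshot unit runs as root; a header comment stating the single-NIC assumption would help. Since this fixture is for an Azure Linux image, it is also worth confirming that `/etc/network/interfaces.d` and `ifdown`/`ifup` exist there at all — under `set -e` the unit fails otherwise, which may or may not be intended.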
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line205.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line205.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line205.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line212.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line212.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line212.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line212.sh 
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line219.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line219.sh
+++ /dev/null
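Review bot: The idempotency check at the top only tests that the AKS-DEDUP-PROMISC chain exists, while the `ebtables -N` / `-A` calls near the end are unchecked, so if `-N` succeeds but an `-A` fails (an empty or malformed `${bridgeMAC}`, `${bridgeIP}` or `${podSubnetAddr}` would do it) the script still exits 0 and every later run prints `rule already set` with the DROP rule missing; append `|| exit 1` to each of the four mutating `ebtables` lines (or put `set -e` right after the initial check) so the unit's `Restart=on-failure` retries. `${bridgeName}` is interpolated unquoted into `/sys/class/net/${bridgeName}/address` and `ip addr show ${bridgeName}` after being read from the CNI conflist; quote it and, cheaply, reject anything not matching `^[A-Za-z0-9_.-]+$` before use. The conflist is presumably root-owned configuration, so this is robustness rather than an injection path. Generated fixture — apply the change to the template.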
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line307.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line297.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line307.sh rename to pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line297.sh diff --git a/pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line321.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line311.sh similarity index 100% rename from pkg/agent/testdata/AKSUbuntu2204+cgroupv2/line321.sh rename to pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line311.sh diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line39.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line39.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line39.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line39.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line75.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line75.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line75.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line75.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line82.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line82.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line82.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line82.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line89.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line89.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line89.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line96.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line96.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/CustomData b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/CustomData index a8ebea123d7..7282fd37fb7 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/CustomData +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line103.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line103.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line110.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line110.sh +++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line110.sh 
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line117.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line117.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line117.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line118.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line125.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line125.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line125.sh
@@ -1,54 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Package Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-n=0
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- if [[ $n -lt 100 ]]; then
- n=$((n+1))
- sleep 3
- else
- echo "timeout waiting for kubeconfig to be present"
- exit 1
- fi
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-if ! dnf_update; then
- echo "dnf_update failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo "package update completed successfully"
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line132.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line132.sh
index 80e54eeb701..f73ba22284e 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line132.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line132.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Package Update Service
+Description=Runs package update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line139.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line139.sh
index f73ba22284e..4d6cb87b4cd 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line139.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line139.sh
@@ -1,9 +1,24 @@
-[Unit]
-Description=Runs package update script periodically
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
+#
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line146.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line146.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line146.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line146.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line153.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line153.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line153.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line153.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line160.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line160.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line160.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line160.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line167.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line167.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line167.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line205.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line212.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line212.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line212.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line219.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line219.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line307.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line297.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line307.sh
rename to pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line297.sh
diff --git a/pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line321.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line311.sh
similarity index 100%
rename from pkg/agent/testdata/AKSUbuntu2204+ootcredentialprovider/line321.sh
rename to pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line311.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line39.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line39.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line75.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line75.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line82.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line82.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line82.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line82.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line89.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line89.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line89.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line89.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line96.sh b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line96.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line96.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line96.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/CustomData b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/CustomData
index a8ebea123d7..7282fd37fb7 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/CustomData
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/CustomData
@@ -36,7 +36,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
- 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
+
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -67,13 +67,6 @@ write_files:
 content: !!binary |
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line103.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line103.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line103.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line103.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line110.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line110.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line110.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line110.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line117.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line117.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line117.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line118.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line125.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line125.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line125.sh
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line132.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line132.sh 
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line132.sh @@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line139.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line139.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line146.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line146.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line146.sh 
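Review bot: `chmod a+w "${KUBELET_DIR}"` on the last line of the line139.sh hunk makes `/var/lib/kubelet` world-writable, so any unprivileged local account can create, rename or unlink entries in the directory that holds the kubelet's kubeconfig (`/var/lib/kubelet/kubeconfig`, as read by line118.sh) and the credential-provider binaries (`/var/lib/kubelet/credential-provider`, per the constants in line39.sh). If a specific non-root consumer needs to write there, grant it through ownership or a group (`chown`/`chmod g+w`) instead of `a+w`, and add a comment naming that consumer; if nothing does, drop the line. The same `chmod` appears in the `...DisableUnattendedUpgrades=true/line139.sh` hunk.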
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line153.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line153.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line160.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line160.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line160.sh 
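Review bot: In the line153.sh hunk the `enabledhcpv6` unit orders itself with `After=network-online.target` but does not pull that target in; `After=` is only an ordering constraint, so unless another unit activates `network-online.target` this one can run before the network is up. Add `Wants=network-online.target` next to the `After=` line. The same unit text appears in the `...DisableUnattendedUpgrades=true/line153.sh` hunk.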
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line167.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
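Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` does not give the idempotence the helper is meant to provide for a multi-line value: `grep -F` treats each newline-separated line of the pattern as a separate alternative, so `grep -qxF` succeeds as soon as any one of the three lines (for instance `iface eth0 inet6 auto`) is already present, and the whole block is skipped even when the `up dhclient ...` line is missing. Test for one distinctive line instead, e.g. `grep -qF 'dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf' "${CLOUD_INIT_CFG}" || printf '%s\n' "${NETWORK_CONFIGURATION}" >> "${CLOUD_INIT_CFG}"`, and quote `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` on those calls. The identical script is in the `...DisableUnattendedUpgrades=true/line160.sh` hunk.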
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line205.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line212.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line212.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line212.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line219.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line219.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line219.sh +++ /dev/null 
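Review bot: The script exits 0 regardless of whether `ebtables -t filter -N AKS-DEDUP-PROMISC` and the three `ebtables -t filter -A` lines succeeded, so a partially applied chain is reported as success and the `Restart=on-failure` in the line205.sh unit never retries it; the DROP rule is the one that does the deduplication, so its absence should surface as a failure. Append `|| exit 1` to each of those four `ebtables` commands, or add `set -o errexit` after the shebang and rewrite the initial probe as `if ebtables -t filter -L AKS-DEDUP-PROMISC >/dev/null 2>&1; then` so it no longer relies on `$?`. The three `cat ... | jq` pipelines can also pass the conflist path to `jq` directly. These fixtures appear to be generated, so the change presumably belongs in the source template.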
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line304.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line297.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxV2+Kata/line304.sh
rename to pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line297.sh
diff --git a/pkg/agent/testdata/AzureLinuxV2+Kata/line318.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line311.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxV2+Kata/line318.sh
rename to pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line311.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line39.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line39.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line75.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line75.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line82.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line82.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line82.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line82.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line89.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line89.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line89.sh 
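Review bot: The value taken from the `aksAPIServerIPAddress` IMDS tag is written into `/etc/hosts` without any check that it is an IP address, and `[ -z $clusterIP ]` is unquoted, so a value containing whitespace is a test syntax error rather than a skipped iteration. Validate the tag before using it, e.g. `if ! [[ "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then sleep "${SLEEP_SECONDS}"; continue; fi` (extend the pattern if IPv6 API servers are possible here). Separately, `sudo sed -i "/$clusterFQDN/d" /etc/hosts` uses the FQDN as a regular expression, so its dots match any character and a line for a similarly named host could be deleted; escaping the dots or anchoring on the full `ip fqdn` line avoids that.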
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line96.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line96.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/CustomData b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/CustomData index a8ebea123d7..7282fd37fb7 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/CustomData +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
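Review bot: The guard in `ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ..."` counts every mount whose path merely contains `/var/lib/kubelet`, so once any pod volume is mounted beneath it the count is non-zero and the bind mount of the directory itself is skipped even when `/var/lib/kubelet` is not a mount point; the following `mount --make-shared /var/lib/kubelet` is then likely to fail and keep the unit from starting. `ExecStartPre=/bin/bash -c "mountpoint -q /var/lib/kubelet || /bin/mount --bind /var/lib/kubelet /var/lib/kubelet"` tests the directory precisely. This is a golden fixture, so the change presumably belongs in the kubelet.service template it is rendered from.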
@@ -67,13 +67,6 @@ write_files: content: !!binary | 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 -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line103.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line103.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line110.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line110.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line110.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line117.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line117.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
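Review bot: None of the `nvidia-smi mig -cgi ...` calls in the `case` arms is checked and the script sets no `errexit`, so a failed GPU-instance creation still falls through to `nvidia-smi mig -cci` and the script exits 0, which means the `Restart=on-failure` in the line103.sh unit never fires. Add `set -o errexit` after the shebang, or append `|| exit 1` to each `-cgi` line and to the final `nvidia-smi mig -cci`. The file also lacks a trailing newline.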
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line118.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line118.sh new file mode 100644 index 00000000000..562b4e87d4f --- /dev/null +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line118.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +n=0 +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + if [[ $n -lt 100 ]]; then + n=$((n+1)) + sleep 3 + else + echo "timeout waiting for kubeconfig to be present" + exit 1 + fi +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +if ! dnf_update; then + echo "dnf_update failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo "package update completed successfully" 
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line125.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line125.sh index 562b4e87d4f..80e54eeb701 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line125.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line125.sh 
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line132.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line132.sh 
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line132.sh @@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line139.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line139.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line146.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line146.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line146.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line153.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line153.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line160.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line160.sh +++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line160.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line167.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line205.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line212.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line212.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line212.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line219.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line219.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line304.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line297.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line304.sh
rename to pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line297.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line318.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line311.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=false/line318.sh
rename to pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line311.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line39.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line39.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line75.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line75.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line82.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line82.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line82.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line82.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line89.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line89.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line89.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line89.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line96.sh b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line96.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line96.sh
+++ b/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line96.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/CustomizedImage/CustomData b/pkg/agent/testdata/CustomizedImage/CustomData
index 45769dcc76a..2731ed0c984 100644
--- a/pkg/agent/testdata/CustomizedImage/CustomData
+++ b/pkg/agent/testdata/CustomizedImage/CustomData
@@ -32,7 +32,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + H4sIAAAAAAAC/+x9f3fbNrLo31efYsqwsZSGlO109/a5VW5VWUn1Yks6kpzuvsTVoUhIYk2RKgDKdhR+93cA8AdIgpJsp9vunrt7TtIIwGB+YWYwGIDPvmrOXL85s8iyVut0puPu6H2v0532+tPJ5bDVDNa0aX0KMWragU8t10eYNG3bWOPg7t4kCG9cG5muz8cOOu+6k0OHBvYNonxkvzftDPpvem+n571RS2siajdt3236iJqOxtt/6vXjRgaVNc5cX6s9mwzOB7AOPQ/o0iUQhBSCOdjBah34iPrE/I0EPtAg+B8O5nzwS/9i0D4fF4A5wa3vBZZDtFpn1OtMLtKeckfs2tRT9M2QCwlueoFteQK9zqA/aff63dG5euaELY4MdHTV7yi749C35Y7vvhsr+92EM4R9RBEp9h6Oeu/bk+502O68a7/tjqeddufn7p6hzTV2NxZFxtqyb6wFimGNum9748non9NRdzhoaQEhjGYLu4hIYLTa1U9X/cnVdNS96LbH3ZZe98hsipGHLILAwGCQRm0wbul1dw4eAS78F0bS4eQ1NB20afpMxKevn598D3SJfCABpmx0oftnWFi3N3C0sqi9rOvHL6H5a713Pr3oveu26naAUUAan3vnrbr5otHQmy/BasAW1tj1KdAgXK8RrlsfTq/B+vDquvE9oDuXQnT0PczdRm3c7VyNutPJxXj602AwGU9G7eH03dVP3YvuZNr9R7czHV5cvWXKUFYesRCoR2ZBQAnF1lo7HN777mjcG/Rb2ubYPDGPDctbLy3zVKtNuhfd4WA0Od8xM0UeWgeYOnnN7Z53+5Ne+2I6HA3e9867I7XKIwf51LW8NQ42roPwPiDZWthYuOm5M64MHpJhGQkwBQE71tLlcNDv9ifj6ZveRXfYnvycY2285n0q1rxWu2z3p+c/TdtXk8H0anjO9P7NRfutPDpBcWX5hjNrWiENjHDtWBRptc7V6GI6uJoMryatJl2tm3aIvekG4VlAkBmENNHswXjab192W5r4N5t4xNZ81hD/oNU6w6tpe9T5uaVpNQfZnoURGBb80h5fjn/uXQ575+NWvSE3jYe9PtOIpKlGEO0Mr9rYXtYbsK0BAKRQ9foibW3UoloNo1WwQZeWfz5rhzS44qS98azFG9dD6Xi8AmMO+j5+MYA2RhbdC5AGob08EKCHLD9cd1JLeO4xUCSHHJ6DXmVKGRDXJ9TyvAzILy5ddlJ9+L8k8FN4AWnp27zkIt7gzuHDBzA+gabnTZYG19fC6vB+KZDBOJJ+YJpB3MBvaXaIMfKpxhuRR5CyV4pEPEsk+s9d/hf/I3MPQ2F5W3r9t99BM4eJIQZNVywLDT4D7/fhGj4DQR6yad30rRWCVgs+ahncj1pDa8Dnz8LM6d3RaCrxObY6017/ffuid85xij1H0sZ1MuaeSy4tzMAOcJutyAvXD+9A44zS4Plzxl5N3/bG03ftSTvSGDIaxSGqYnCyjlj3vKxiLomlGnPjveAsYXOUOBcxVm0DkvydyCHmOv/jWaY/RwQ2CTgLY+seXALobo1sihygASytDYLA9+4h8BEgD62QT00BpjcHl8LSIrAKMAK6tHy510u4RXDreh7EassoB88iNOkBrs9/4zObknLq22dF/n/48ToCY0HhpMxEZC8D0H5pj/q9/tszSZ0g9uRFIitxNqEncHX9xR50c2q8B230Oxwz7dO3pfbj64jrxw/jd73ha62KuF7/zeAQypj4XLpEGNBqTe8hwBzluYtlOgiI6UwY37jrNSNWAh2Ly6Ju4MdkcgOFaIh9OJbp7r0Zt/Sjj/4Rj1OQU1DRVl2viwDmPfzwww+agv4X15HWEEsr9AmiDCT/F6dnStxPqKVvnynBM+byvoz39Xo2wjhpNMDwKBzD9TVbk
UyMU9d30F2LC0L6d2kgh7jOzdTSt2oE9G0GKYqRyTh5af0W4EvXD/CQhWnvU5NYF0LV87Mwc2aHFAzHAGN+0tAK4H4O6Bv37kFQCBjz0xgQ01Fh9vdhqME1Y9KHg7oy5WVBq3JQDuVcX6WWu/7G8lxHVsZYv8+gSGY29FCTHuusFyzIlAZTtGE+E7T2u7HZGXfNonMdhT51Vyj5fUwt37G8wEeZ+dQYypWtINtnNfuiXJ8ct2KLnTAGKtADA8pkQwv0bZ5fkVarjCAuLd+dI0Jz8QOPSCVJJJ5E0qU5aCz26b3pjieSUy7KdiekvIpLYQOLAAwMZtZoImeBlFM2Mm3gmCmCDq57J9+Zx9+WEdyHw5GMxNr1feSY2sl3x99qR/vQiXUuFx1Vu6t4ZvADCvMg9JkthlUsnZfgoLkVepT7JuaasWMHDsNFVm+JkDXTNJmc2GCUad1neqYYbdwHQtlld/KoKU1HsctOO5Pi9wgbI5kYBUm7zUyvP560Ly6mk95ld3A1+fPNTJ5refOSMunJpqVyPk1lY2JwqWU5YF62Exz1u5PuODdv+edIk+IvTd/2u93zsSShSIOvqqPvGIHLYHYPxXBOmDflroOHFL/9DkfpBkW5AZH2H1rjCH4AFTSQ8j5KfY2nKGxnmDoSSph9UEGVwrYD9oy1//ovEdzJPNg5uxMgwq0UR2MPFnt9jqQ0fURvA3wz9MKFm/kiSbyTXwajd3EOhVl10HhWpFq4fIvW6fdy8o0x6vfgGUZzhJFvI1jzSYkJlwGh3j3MAww34Qz5iMIspOAFwXpm2TdxRxZGhwQ5MLuXbTjTYdnbwWl+e19MzsJzYPQn2aZOmjwaxrmjLP2xK5V1Nbpge+19fc5auRVj+HDAoEjBXRuj1EhO5wGeBtgirdQ57APJXMUCozUYwRCONh+db+ofzY/ON40XR3wlOXBEmr9umk32zyWyHIbqSSMRohyhMESSPNs0xF5LP81TqJe6lMnZy9sykBwuqxvHxWCsQd+XcBT9szTocDRg6yWzWVnCedwdve+OmFgf0F0p4QeMVwk747RQzYwPidoyhmRq8MAZm/q2lGiPRLbTsGxsKBKqZxt9q1TByPBcP7wz9G2SLYy0nVKevP1//BTngHXw7NmLZqTBM7giCGYWWcIsdFk8Bs/kXTK+t1fOdIHolFp4ZnnedI6D1RSjhUsovp/eunTJcYWT02P4277Vct4bNfUdmPNMz8GyibR8Gmwwao+nw6uLiykTwZt276K44c/p+R/MwUOsxz5+gGmasN8A1aqk9aWksheFQj5yV285vhQ8yvwEJI4CEoEjB0ho24iQeeh597mgrNq97AtYSyPNap+lQXWbyJxbGIy7T/OD2LzdwedIA6NzgNXNGekKTY2PZGKDYS+DWx+MEeAgoGfsj8PGrTZ7fSrrvNu+afvmalYNjHFfBQ7899/+9jQwSdCynxo5hBkjO8RocjH+KTkBfCdOxrp3yC5EdsKziICKO29tSemanDWbN9+R+LCTmDMvmJl2gJF56/pOcEtMH9GmdUMM6hEjPWg0bM9FPm3q24ceOEZN7jWa1sr5+7dNFVDZp+p1l7RHl3//tsHCfEVC+q9DD17tpKccvjzq6LcmEZ16nbVFl8wnPApiVIF0tj37SmzQVLOWt/6pnXfn07nleiFG8IpZ+b8fg80CQmM+vgAjqASY/h5ir+BBU7QPJlS25pWW5lFs0ySYzAIYo9gIPAHa3GWL+9YiK35g2WU7vuosIes3nbse4uLXtyeR1I8s3VWaj9K3p3JbEsiRcD5371r69lVxJPdOiVxadU3f/nj2baQ1QN4O8NKMe0XSaytPzqIgoBhMMOIsFdvssR5sLxt3zs334cfrSPsenCCfaYy1cFvFgUiqfTEYUEPAjgx9m0eV/ZLnQaTOVMZh2QkUk4xO4CMpQmChDMMFGC4k3qkzMh+C7YuD8KzJ50OgzjNbZDVmTK03ZM1Jlxn7JxVqEatMc
lSU34ZtTyOQPYfITyTIkVgtXnG1SE88GdVJblXItziuLN5qvSNr19dAI567WFKtkVOID6DpuZTlsfmdeazYUrH/lYB/06prt7dEghmLtpCN5ULjW9062lhenKQ5j6Gw0DI7actt5DPAaXxWlhDoJankUqPJ7KBtMlor1wzkdfPWYnZzK1eCpMd4/xFiEmf1CrYOEV65RBzWKjh8EDMzXsopI9Uie5R9VqpY3kwXTPi/zEhD6vrznih/DJCjjvFRhqeBZmxOtF3mXZF/lSwig87NIgHLw8hy7uU0bBUaL0URhB9QmKF03bn+onS2ngvJ/mUZoq/A+AQPS9hUZYjSFAePfB+YBMoVVjrIJZ41I00l+88KirIr5yMw4xKJpb74NKWrdatSYOo5y3OY1MLm4lPtabmfbRm1SAN9K/MyqsrZSOczzKKmmPDt9ac7FpqUwYsdcxX1KQy+jz2ER2mgkJeJWGoPAlCMNDYn0hJZiVBLQc+uZfTwuO6gvcJGbBYOpq466lOzKcReJQw24vT18xNmHRECXSrghNdZEXGSYO+C9mudIX5mvmh8rn9A3WuMzRcNndeq1W2L5kE8fy6p2rvR1XjC9gjFVFQDnqcck535N626/lUj56cO8Yh/wIaiyhu9+hJbhkfqlpyX+TK6k+N0ckq8dv134Qw9PdQ+NNJ+dPgmMYHFazfhDH2hwDZhwr5oVp42F4Qp41a5TPlJcausCSUESyrAkDQ2p+r4Ty1uFYkHxH15KXzR2C87Vd+FWyXtFfUcFd33RGilaf83SntElJZwUSmzLxKk5VMrJalFu1dKKSiLDejjYjKtEJRpD43KDg9hoFQj/8io5AHLS6uyitVD/jJRiGyW4wgkc4cDbGXxBZeS4gIQk7985Sft2/3HZNTuTLqiMzOcoACUc5i8KbnKxO1kIcleQqIm5e2kCnSGeepZdBmsaZoSjpPLYUvfljDip63Vh607Dz9LKDbjCcSZm2I21SYlbe+ORoNROXu/Zxa1xWebf9g9tFCgZKrK+FQIyqb98MmEi4knIaETyPuvPSSyrVhZz5rZ8ZsKhFy/V60jSZlT4TjY5OfB6vCqEIaLGODkzIiKFSX8GKScLWNQQcOIhB5t6VtuJaVWhrAuWmug9qoZYZoc4yRVXCmC2WLanhj6WamsSmD8vt+dTFmbON0YJ+v0zNBVTaULUqpOlXc0VJ3BFWpIEDWhe+dSFlGYlTEFL7Ho99KSCn2rAvqUdV1iVFPfSjPypa1kTaFaQQKTnmflythcm3qptJ65c9BP+O2U1ZrevwRq3SB+rly6gxyBRZJKZ9hYXohMGNAlwrcuQfG4E9aHLpFor8lh/7mLhcqqgUcF5ZGGiTsoctQr7kFPFp8mq7XQZs75PJP5bUnmXeEkdseaDLWpb2UwnL/ljE4RVYmjaflFjqEVVyE51uJaXnp1pS7mB8NIrMRpzj/HxXZxr6RPs7k4auSLL/OA48raytWQmqTiOH5vXUyWxOipoTKBJBeScnSzMdTCC0QzU6eoBv7afBGZx4oLiTF/uZJ3L4ctTSBgbFItSQ7OK9N8WuEAIfZgCiVrpkCT+aKKkwWpvqKsqrmegqdrjAzbspfISTiY3hQ4q+Ccpjw7VB1ciCmufLZ35TfCxAyuT4MMw3ypS5Jq/HS3eQgvmM8rAiwchmcn4Xq+Y6ynin30jo7iCDtZlZPknnihFiUfzAkeZde203ju9CGVIIotY+pe9G0+fKpYSAnazDbB2sLWClGEedKhgiK2keKasXA3SHmFISNLDoDKNxo5liUeVKKa3sDP3WR5AhaZod75AMB+i7zdOT7K3g5gJqFMMN/85aTVVPbL4Eibw201rZFk4avU8vGa1rkajbr9Saa69UxAe7xBWZKbzCOI4HDSHr3tZsDjI9QEZYJWG4Q7wWptYe7p87icGdqxeWweaxFTsBykSJ3mEU7Ek5wFlJEszROxmGPBL/Njcdu3HmBAv4eWBzRoJE5lZhEkA
SkgVPZKBVmZCpdTtTZ3qSI3A6Xp8ycyX0KTqx6jOEh/kztPXH1V6cwvDD42Bamv3E0/W1AE0XDd6ffOXUwUGwbpmZ2qQk9FH6mcKteqAJ698bMTfqlb5snyrVEtCwOlLZC8ka64p/T5M3x10E0l3zXi6y9PuKqUXmn0A5AgQvZiCawxIsinMI8zHPw+TXyZEfhtxnThsJjvxPzWPDFhsnQJkGUQeg4gjNkK3iCfhpbn3Wuw8/w1y+mVt4hNjOa27yYBHqS1mpZNjJXLJjJ5lS5yFoiXaEpUNTccuSwZKrXFQSSvJjVEP5OyGWKlz5/TijLoA/Djhc4Fxawq1H9mebfWPYHfQkIhJAhulxa/+e+5hCJ+sbTwkAyQAG4ROIF/RMW7DzQAcu/b4mUG23e/8OscGb9Uz3P0e8pL3PELFv0eT/EwVDFiagA28zPWLAipeCFrFlK4tfz4HQuMGA/U72jcLl17CRj9HroYEXDj9y1UD6jAH/iCSmznDng75U95g6TqQZTqt0lShTnoUZJ4edtLy19w1YsP3v7dXgR5zJMEpdcmVM+E1A6IBjNbyK1JbyQu5ihME14x06R4JSAJZA4HJaxcBSj5DCNeN86ONFQ8j2rD/IztJWwPWZhpx4pZNOSLtX4rPMMGYVha6zXyTbAICVcIXEoAI8+KzQAXoOtzQ7FBcGFRRCi8//k88S7C7i0RhD618EsIPAfhUiNdfDJBDsuU1jtPUfNFznhD1bsAzLQlviueN0mTzBhan9z1Orl0WngITKF+FVY08RL7Qp9sd1JKwD45TSmrVS4H+TXzlVGas6h9Ad15lIjKEspnfvZmUpU5nz3XrBI+m8XMd3alKnejWZZm8WLVXgRVAcUDVAPdUWzZ9F04Qz/FUVDhAOHmO9mbxdUqcVM4Q8l5rDiIPpWbXTKNn2OMW19pBbjpYd3UcXFL07/VaoUe8eEqzwWwuKOlbwuzinyubFjz8zLryrxmWZQSfOandz86yRRNhVCk1dS6JfeuUqR4XyzSgYlby4/M0oP704C1h8DlMOOSiVgLmOek+XI9PIf844bJE4nGC1WDTT3jRXnRFThdEv0O5qbLPzssKg+XJeCSUXzCf4U9Loe8vpRqhKU0HaLIpkW1fgllGC/BImkRBvBOnJEsQuVlCDQQL71amLpzxloxOC/D/WzJHic1/MBBB2S2H1/EmtfXMs0HXzp+1FJInZ5WAT5Popz0ljVt/x7yYWTK79aWLn19CUJVE1SSGv9nstS5ozAotnwyD/CqpZHP5ovPzw2BRxKhf9bAMMgyuM16Isdgy4swN7NRIP4xndEwCMXu2sgCldYr5nPyax+kt3iZnsqGorLNpl6Z11LqqFZgb4W5yRML1+JpoeoxzHaVxhT3Hjtxyp8CKNzN3GLBdzm9u1JpiXS6EccP8VXbd4LAtu+w/xri4O4+i9yuxpPBJb/9x7x5e/TP8jMi5S7y4yGJp9sFQtVHhiGsZkjYvipmAbOFZ6AemsuRvgQ7JDRYJQP2UBTl3qGZxofLU3c+5eXH/qLFfHytXG23D65aTI9ye7UD48Nq+ZqKcEwDxY/qh5QOIZfrZvGBHRU/s47Iy3F0r2hVRYt/GkP2Y8sVp7yuhUmvNDqqd6wKxkertD4Vg4uvH8Wn9tVC0qqD2y9cdpoPlM5FoJQ+DgBrHPDTujTccQl0WPj5qLhIOPEnVLgqH6MpxFJnG6UcdpW4Jv/LP2Y/6V4O+f7zzWhwmU7a0vhD3Mr37aEE8c9bIDKfY8cluLePwKiWo4J/3eAMxCvePMNiB77j8lp9e4nsGwh8KDgSCHwbwWiYZAxdnuhBFkFOPjpnBqhejy91qAlJni3UTI0/XAivW3Dy340GT6TGTygVpq+4nP0nG6wikgWLXRkRJqeLDzM6Fd21XeB2GMCK7lpNOh6zvrmrcK4VrrX2FK8MzWWwQs3l/Rph9qORLkN4zmIuZo3Se029lbXIHjnsXPSmk8EgLSTJDE7vs
v22K2pMTqVIiMFKcszuSuy5FYMiECGTvk1myF0TkH4WB3sUaw9wqWxehohNsameXgNNVYp+Cid8l2RTtqvg+4O1ZSO2SzXdICaIG29dAZUfjMW3rqi7Qg7/vknCkZ3c2LgWcCJzBeNS2r0zYf3fiv1gUjaeC01KPBOFU49hGx/5SM6Jcqs/jEcxUZVsEsVTVZySjMheLjyOfiewbxD+w+gX4Av0nw8677pV6iG2VRhRa/H0NT7qTtpv5Z9fSUufz7FgZMxxsKqigpfhFeB8EWuwc81Sa6EUB+gFVB63pJIiw0fNlau24drzGDiSnC87Iy5h8ibAnaXrW+UXSKXA8arP9CU+W5Xeei1TaXleCrpV1+u7OC5O6JN7M0e/rmxsrlwbBySYU9MOVvxJTP7xn634nI9+Eh01FAu1OKvMI3LYBIRiaAHh88zr2tfk7GuivQT95CXop40IYgwIxSkKufpBTd/KWMS8qqwZZjZBHNTNXd+BlZ1iOw8wcBHtqpxnnVa2WKT8wl9u8g8/Xn+jlX6KtKh4+zvTg1YaNSZgo7hEzkD8gdIy79gv1icmUNtPC+aerkEpanlTFC9pGT99myMh2pnqLMNL7ORBIOWHh9Kv8DzdWGasSo0a51CCW4k7udWPV8rFX14fse3BK7d6gDAO/OM9V2uhNIUjLlFBGKuLIA3drQNM5RYBK/RtsaUR3wIS4EZhVuopP2CveMlaquGo3LCXuVZpe9OBHA9+d5fFwyi7MpCairy50c40/TQ6Su/2bbrJBqkQ0+uflT+bH46N/3P9TUWrof55mj4ZrG8lzkbiVv4R+/9HX1pvSpWvIvcQe1w0uX998nedcyi4kPcPhjEP8MqicLTdmiO0DohLA3wfRWfbrTmxFtFfnQMS9WKlsrhvagcOaun/UzDLetoGX7X4V2NU53w8bkx71nIZBrH0ilytviQjvXarGvUZbpeuhwAjyxESyXmpJxuLzAeUTXYueouxi8rJPNXaqgQp+ZUKeJK4cg8vSG2RbF2NecmOVl6U5vcA2CaDl6EYdnlkZuTTbEzB2otAoO5YFDVe6vVlQCgzGI2XQKiFaUc5WmQuZO8BGk8k8E+DansAI9+pAJt9UG7E9w7IKWCbamRcS965GFwlH0MQ9SMsvO14QehUJI//vXyQCGPTwOvoT/cKD0HoX2WnD8VJwuc/zLIl4fJfx6YpKgBJ6Ztsib3iO5zi8i3HqXk8JRMmLGfZt8qtycot2FqFWS31KPNIZbATS6huUxnQnNUudRGp2CLpTu7DmqM9H9YMNghj10Hx50c6gT93F9nWRVzFkL6nyj/czLgv/jTt+cJ0mt8dT/l1gamPWIjAYLAWTf5W6LYALL5pbFH44Yfu4A28fq3o4ljUIkGIbXTGu3MVOMs2+uu1d88mZbjHE5/Fqf/u4A0j8Bn7+/8HAAD//+WFrxMDewAA - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" @@ -64,13 +64,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/CustomizedImage/line100.sh b/pkg/agent/testdata/CustomizedImage/line100.sh index dd335c71cfd..b02cff3e054 100644 
--- a/pkg/agent/testdata/CustomizedImage/line100.sh +++ b/pkg/agent/testdata/CustomizedImage/line100.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/CustomizedImage/line107.sh b/pkg/agent/testdata/CustomizedImage/line107.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/CustomizedImage/line107.sh +++ b/pkg/agent/testdata/CustomizedImage/line107.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/CustomizedImage/line114.sh b/pkg/agent/testdata/CustomizedImage/line114.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/CustomizedImage/line114.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/CustomizedImage/line115.sh b/pkg/agent/testdata/CustomizedImage/line115.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null 
+++ b/pkg/agent/testdata/CustomizedImage/line115.sh 
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/CustomizedImage/line122.sh b/pkg/agent/testdata/CustomizedImage/line122.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/CustomizedImage/line122.sh
+++ b/pkg/agent/testdata/CustomizedImage/line122.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line129.sh b/pkg/agent/testdata/CustomizedImage/line129.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/CustomizedImage/line129.sh
+++ b/pkg/agent/testdata/CustomizedImage/line129.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line136.sh b/pkg/agent/testdata/CustomizedImage/line136.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/CustomizedImage/line136.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line137.sh b/pkg/agent/testdata/CustomizedImage/line137.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/CustomizedImage/line137.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line144.sh b/pkg/agent/testdata/CustomizedImage/line144.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/CustomizedImage/line144.sh
+++ b/pkg/agent/testdata/CustomizedImage/line144.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/CustomizedImage/line151.sh b/pkg/agent/testdata/CustomizedImage/line151.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/CustomizedImage/line151.sh
+++ b/pkg/agent/testdata/CustomizedImage/line151.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line158.sh b/pkg/agent/testdata/CustomizedImage/line158.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/CustomizedImage/line158.sh
+++ b/pkg/agent/testdata/CustomizedImage/line158.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line165.sh b/pkg/agent/testdata/CustomizedImage/line165.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/CustomizedImage/line165.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line203.sh b/pkg/agent/testdata/CustomizedImage/line203.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/CustomizedImage/line203.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line210.sh b/pkg/agent/testdata/CustomizedImage/line210.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/CustomizedImage/line210.sh
+++ b/pkg/agent/testdata/CustomizedImage/line210.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line217.sh b/pkg/agent/testdata/CustomizedImage/line217.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/CustomizedImage/line217.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line304.sh b/pkg/agent/testdata/CustomizedImage/line295.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line304.sh
rename to pkg/agent/testdata/CustomizedImage/line295.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line318.sh b/pkg/agent/testdata/CustomizedImage/line309.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+DisableUnattendedUpgrades=true/line318.sh
rename to pkg/agent/testdata/CustomizedImage/line309.sh
diff --git a/pkg/agent/testdata/CustomizedImage/line35.sh b/pkg/agent/testdata/CustomizedImage/line35.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/CustomizedImage/line35.sh
+++ b/pkg/agent/testdata/CustomizedImage/line35.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/CustomizedImage/line72.sh b/pkg/agent/testdata/CustomizedImage/line72.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/CustomizedImage/line72.sh
+++ b/pkg/agent/testdata/CustomizedImage/line72.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line79.sh b/pkg/agent/testdata/CustomizedImage/line79.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/CustomizedImage/line79.sh
+++ b/pkg/agent/testdata/CustomizedImage/line79.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImage/line86.sh b/pkg/agent/testdata/CustomizedImage/line86.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/CustomizedImage/line86.sh
+++ b/pkg/agent/testdata/CustomizedImage/line86.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImage/line93.sh b/pkg/agent/testdata/CustomizedImage/line93.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/CustomizedImage/line93.sh
+++ b/pkg/agent/testdata/CustomizedImage/line93.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/CustomizedImageKata/CustomData b/pkg/agent/testdata/CustomizedImageKata/CustomData
index 45769dcc76a..2731ed0c984 100644
--- a/pkg/agent/testdata/CustomizedImageKata/CustomData
+++ b/pkg/agent/testdata/CustomizedImageKata/CustomData
@@ -32,7 +32,7 @@ write_files: encoding: gzip owner: root content: !!binary | - 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 +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744"
@@ -64,13 +64,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip
diff --git a/pkg/agent/testdata/CustomizedImageKata/line100.sh b/pkg/agent/testdata/CustomizedImageKata/line100.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line100.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line100.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/CustomizedImageKata/line107.sh b/pkg/agent/testdata/CustomizedImageKata/line107.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line107.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line107.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line114.sh b/pkg/agent/testdata/CustomizedImageKata/line114.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/CustomizedImageKata/line114.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line115.sh b/pkg/agent/testdata/CustomizedImageKata/line115.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/CustomizedImageKata/line115.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/CustomizedImageKata/line122.sh b/pkg/agent/testdata/CustomizedImageKata/line122.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line122.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line122.sh
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line129.sh b/pkg/agent/testdata/CustomizedImageKata/line129.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line129.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line129.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line136.sh b/pkg/agent/testdata/CustomizedImageKata/line136.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/CustomizedImageKata/line136.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line137.sh b/pkg/agent/testdata/CustomizedImageKata/line137.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/CustomizedImageKata/line137.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line144.sh b/pkg/agent/testdata/CustomizedImageKata/line144.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line144.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line144.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/CustomizedImageKata/line151.sh b/pkg/agent/testdata/CustomizedImageKata/line151.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line151.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line151.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line158.sh b/pkg/agent/testdata/CustomizedImageKata/line158.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line158.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line158.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line165.sh b/pkg/agent/testdata/CustomizedImageKata/line165.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/CustomizedImageKata/line165.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line203.sh b/pkg/agent/testdata/CustomizedImageKata/line203.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/CustomizedImageKata/line203.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line210.sh b/pkg/agent/testdata/CustomizedImageKata/line210.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line210.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line210.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line217.sh b/pkg/agent/testdata/CustomizedImageKata/line217.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/CustomizedImageKata/line217.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line304.sh b/pkg/agent/testdata/CustomizedImageKata/line295.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line304.sh
rename to pkg/agent/testdata/CustomizedImageKata/line295.sh
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line318.sh b/pkg/agent/testdata/CustomizedImageKata/line309.sh
similarity index 100%
rename from pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=false/line318.sh
rename to pkg/agent/testdata/CustomizedImageKata/line309.sh
diff --git a/pkg/agent/testdata/CustomizedImageKata/line35.sh b/pkg/agent/testdata/CustomizedImageKata/line35.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line35.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line35.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/CustomizedImageKata/line72.sh b/pkg/agent/testdata/CustomizedImageKata/line72.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line72.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line72.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line79.sh b/pkg/agent/testdata/CustomizedImageKata/line79.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line79.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line79.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/CustomizedImageKata/line86.sh b/pkg/agent/testdata/CustomizedImageKata/line86.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line86.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line86.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/CustomizedImageKata/line93.sh b/pkg/agent/testdata/CustomizedImageKata/line93.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/CustomizedImageKata/line93.sh
+++ b/pkg/agent/testdata/CustomizedImageKata/line93.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/CustomData b/pkg/agent/testdata/MarinerV2+CustomCloud/CustomData
index 5e0783882a6..917b96a8a6e 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/CustomData
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/CustomData
@@ -36,7 +36,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
-  +  - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -67,13 +67,6 @@ write_files:
 content: !!binary |
  -- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line103.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line103.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line103.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line103.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line110.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line110.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line110.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line110.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line117.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line117.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line117.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line118.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line125.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line125.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line125.sh
@@ -1,54 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Package Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-n=0
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- if [[ $n -lt 100 ]]; then
- n=$((n+1))
- sleep 3
- else
- echo "timeout waiting for kubeconfig to be present"
- exit 1
- fi
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-if ! dnf_update; then
- echo "dnf_update failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo "package update completed successfully"
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line132.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line132.sh
index 80e54eeb701..f73ba22284e 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line132.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line132.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Package Update Service
+Description=Runs package update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line139.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line139.sh
index f73ba22284e..4d6cb87b4cd 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line139.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line139.sh
@@ -1,9 +1,24 @@
-[Unit]
-Description=Runs package update script periodically
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
+#
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line146.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line146.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line146.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line146.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line153.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line153.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line153.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line153.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line160.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line160.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line160.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line160.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line167.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line167.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line167.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line205.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line212.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/MarinerV2+CustomCloud/line212.sh
+++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line212.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line219.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line219.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/MarinerV2+CustomCloud/line219.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line304.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line298.sh similarity index 100% rename from pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line304.sh rename to pkg/agent/testdata/MarinerV2+CustomCloud/line298.sh diff --git a/pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line318.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line312.sh similarity index 100% rename from pkg/agent/testdata/AzureLinuxv2+Kata+DisableUnattendedUpgrades=true/line318.sh rename to pkg/agent/testdata/MarinerV2+CustomCloud/line312.sh diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line39.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line39.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/MarinerV2+CustomCloud/line39.sh +++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line39.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line75.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line75.sh index 01efed1dfe3..068708eeac7 100644 --- a/pkg/agent/testdata/MarinerV2+CustomCloud/line75.sh +++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line75.sh 
@@ -1,2 +1,49 @@ -{} -#EOF +#!/bin/bash +set -x +mkdir -p /root/AzureCACertificates +certs=$(curl "http://168.63.129.16/machine?comp=acmspackage&type=cacertificates&ext=json") +IFS_backup=$IFS +IFS=$'\r\n' +certNames=($(echo $certs | grep -oP '(?<=Name\": \")[^\"]*')) +certBodies=($(echo $certs | grep -oP '(?<=CertBody\": \")[^\"]*')) +for i in ${!certBodies[@]}; do + echo ${certBodies[$i]} | sed 's/\\r\\n/\n/g' | sed 's/\\//g' > "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" +done +IFS=$IFS_backup + +cp /root/AzureCACertificates/*.crt /etc/pki/ca-trust/source/anchors/ +/usr/bin/update-ca-trust + +cloud-init status --wait + +marinerRepoDepotEndpoint="$(echo "${REPO_DEPOT_ENDPOINT}" | sed 's/\/ubuntu//')" +if [[ "$marinerRepoDepotEndpoint" == "" ]]; then + >&2 echo "repo depot endpoint empty while running custom-cloud init script" +else + for f in /etc/yum.repos.d/*.repo + do + sed -i -e "s|https://packages.microsoft.com|${marinerRepoDepotEndpoint}/mariner/packages.microsoft.com|" "$f" + echo "## REPO - $f - MODIFIED" + done +fi + +cat > /etc/chrony.conf < "/root/AzureCACertificates/$(echo ${certNames[$i]} | sed 's/.cer/.crt/g')" -done -IFS=$IFS_backup - -cp /root/AzureCACertificates/*.crt /etc/pki/ca-trust/source/anchors/ -/usr/bin/update-ca-trust - -cloud-init status --wait -marinerRepoDepotEndpoint="$(echo "${REPO_DEPOT_ENDPOINT}" | sed 's/\/ubuntu//')" -if [[ "$marinerRepoDepotEndpoint" == "" ]]; then - >&2 echo "repo depot endpoint empty while running custom-cloud init script" -else - for f in /etc/yum.repos.d/*.repo - do - sed -i -e "s|https://packages.microsoft.com|${marinerRepoDepotEndpoint}/mariner/packages.microsoft.com|" "$f" - echo "## REPO - $f - MODIFIED" - done +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" 
== "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done -cat > /etc/chrony.conf < /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line96.sh b/pkg/agent/testdata/MarinerV2+CustomCloud/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/MarinerV2+CustomCloud/line96.sh +++ b/pkg/agent/testdata/MarinerV2+CustomCloud/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/MarinerV2+Kata/CustomData b/pkg/agent/testdata/MarinerV2+Kata/CustomData index fa06e67289e..56aff4bd382 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/CustomData +++ b/pkg/agent/testdata/MarinerV2+Kata/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/MarinerV2+Kata/line103.sh b/pkg/agent/testdata/MarinerV2+Kata/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line103.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line103.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/MarinerV2+Kata/line110.sh b/pkg/agent/testdata/MarinerV2+Kata/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line110.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line110.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line117.sh b/pkg/agent/testdata/MarinerV2+Kata/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/MarinerV2+Kata/line117.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line118.sh b/pkg/agent/testdata/MarinerV2+Kata/line118.sh new file mode 100644 index 00000000000..562b4e87d4f --- /dev/null +++ b/pkg/agent/testdata/MarinerV2+Kata/line118.sh 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +n=0 +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + if [[ $n -lt 100 ]]; then + n=$((n+1)) + sleep 3 + else + echo "timeout waiting for kubeconfig to be present" + exit 1 + fi +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +if ! dnf_update; then + echo "dnf_update failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo "package update completed successfully" diff --git a/pkg/agent/testdata/MarinerV2+Kata/line125.sh b/pkg/agent/testdata/MarinerV2+Kata/line125.sh index 562b4e87d4f..80e54eeb701 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line125.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line125.sh 
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line132.sh b/pkg/agent/testdata/MarinerV2+Kata/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line132.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line132.sh 
@@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line139.sh b/pkg/agent/testdata/MarinerV2+Kata/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line139.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line146.sh b/pkg/agent/testdata/MarinerV2+Kata/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line146.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line146.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/MarinerV2+Kata/line153.sh b/pkg/agent/testdata/MarinerV2+Kata/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line153.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/MarinerV2+Kata/line160.sh b/pkg/agent/testdata/MarinerV2+Kata/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line160.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line160.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/MarinerV2+Kata/line167.sh b/pkg/agent/testdata/MarinerV2+Kata/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/MarinerV2+Kata/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/MarinerV2+Kata/line205.sh b/pkg/agent/testdata/MarinerV2+Kata/line205.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/MarinerV2+Kata/line205.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/MarinerV2+Kata/line212.sh b/pkg/agent/testdata/MarinerV2+Kata/line212.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line212.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line212.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line219.sh b/pkg/agent/testdata/MarinerV2+Kata/line219.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/MarinerV2+Kata/line219.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line305.sh b/pkg/agent/testdata/MarinerV2+Kata/line297.sh similarity index 100% rename from pkg/agent/testdata/MarinerV2+CustomCloud/line305.sh rename to pkg/agent/testdata/MarinerV2+Kata/line297.sh diff --git a/pkg/agent/testdata/MarinerV2+CustomCloud/line319.sh b/pkg/agent/testdata/MarinerV2+Kata/line311.sh similarity index 100% rename from pkg/agent/testdata/MarinerV2+CustomCloud/line319.sh rename to pkg/agent/testdata/MarinerV2+Kata/line311.sh diff --git a/pkg/agent/testdata/MarinerV2+Kata/line39.sh b/pkg/agent/testdata/MarinerV2+Kata/line39.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line39.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line39.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/MarinerV2+Kata/line75.sh b/pkg/agent/testdata/MarinerV2+Kata/line75.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line75.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line75.sh @@ -1,2 +0,0 @@ -{} -#EOF diff --git a/pkg/agent/testdata/MarinerV2+Kata/line82.sh b/pkg/agent/testdata/MarinerV2+Kata/line82.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line82.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line82.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/MarinerV2+Kata/line89.sh b/pkg/agent/testdata/MarinerV2+Kata/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line89.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line89.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/MarinerV2+Kata/line96.sh b/pkg/agent/testdata/MarinerV2+Kata/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/MarinerV2+Kata/line96.sh +++ b/pkg/agent/testdata/MarinerV2+Kata/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/CustomData b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/CustomData index fa06e67289e..56aff4bd382 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/CustomData +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line103.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line103.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line110.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line110.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line110.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line117.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line117.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
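Review bot: The exit status of each `nvidia-smi mig -cgi …` branch is discarded and the script runs without `set -e`, so a failed GPU-instance creation still falls through to `nvidia-smi mig -cci` and the script exits with that last command's status; the unit in the hunk at L1520, which appears to invoke this script with `Restart=on-failure`, therefore never retries on the failure that matters. Adding `set -euo pipefail` after the shebang, or `|| exit 1` on each `-cgi` line, makes the failure visible to systemd. `case ${MIG_PROFILE} in` also leaves the positional argument unquoted; `case "${MIG_PROFILE}" in` is the safe form. The identical script is added again in the hunk at L1538.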
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line118.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line118.sh new file mode 100644 index 00000000000..562b4e87d4f --- /dev/null +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line118.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +n=0 +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + if [[ $n -lt 100 ]]; then + n=$((n+1)) + sleep 3 + else + echo "timeout waiting for kubeconfig to be present" + exit 1 + fi +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +if ! dnf_update; then + echo "dnf_update failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo "package update completed successfully" 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line125.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line125.sh
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line125.sh
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line132.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line132.sh 
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line132.sh @@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line139.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line139.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line146.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line146.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line146.sh 
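Review bot: `chmod a+w "${KUBELET_DIR}"` at the end of the bind-mount script (line139.sh hunk) makes /var/lib/kubelet world-writable, and the same path is used elsewhere on this page as the home of the node's kubeconfig (`--kubeconfig /var/lib/kubelet/kubeconfig` at L1522) and of the credential-provider binaries (`CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"` at L1515). Write permission on the directory lets any local account create, rename or unlink entries in it regardless of the individual files' modes, and the script sets no sticky bit. The reason for the broad mode is not visible in the hunk; if a non-root writer genuinely needs access, a dedicated group or a `setfacl` entry on the specific subpath it uses is narrower than `a+w` on the root of the kubelet state tree, and at minimum a comment such as `# a+w required by <component> for <path> — TODO confirm` should record the requirement.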
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line153.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line153.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line160.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line160.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line160.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line167.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
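Review bot: `add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG}` passes a three-line value as the pattern of `grep -qxF`, and grep treats each line of a pattern argument as a separate pattern, so the presence check succeeds as soon as any one of the three lines (for example ` up sleep 5`) already appears in the file, while the append on the other branch writes the whole block; the idempotency check and the write therefore do not agree. Checking one distinctive line, e.g. `grep -qxF "iface eth0 inet6 auto" "${CLOUD_INIT_CFG}"`, before appending the block keeps the two consistent. `${DHCLIENT6_CONF_FILE}` and `${CLOUD_INIT_CFG}` are also unquoted at both call sites, which the rest of the script otherwise avoids.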
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line205.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line212.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line212.sh
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line212.sh
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line219.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line219.sh
+++ /dev/null
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/MarinerV2+Kata/line304.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line297.sh
similarity index 100%
rename from pkg/agent/testdata/MarinerV2+Kata/line304.sh
rename to pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line297.sh
diff --git a/pkg/agent/testdata/MarinerV2+Kata/line318.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line311.sh
similarity index 100%
rename from pkg/agent/testdata/MarinerV2+Kata/line318.sh
rename to pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line311.sh
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line39.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line39.sh
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line75.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line75.sh
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line82.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line82.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line82.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line82.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line89.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line89.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line89.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line96.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line96.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/CustomData b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/CustomData index fa06e67289e..56aff4bd382 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/CustomData +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line103.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line103.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line110.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line110.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line110.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line117.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line117.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line118.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line118.sh new file mode 100644 index 00000000000..562b4e87d4f --- /dev/null +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line118.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +n=0 +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + if [[ $n -lt 100 ]]; then + n=$((n+1)) + sleep 3 + else + echo "timeout waiting for kubeconfig to be present" + exit 1 + fi +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +if ! dnf_update; then + echo "dnf_update failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo "package update completed successfully" 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line125.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line125.sh index 562b4e87d4f..80e54eeb701 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line125.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line125.sh 
@@ -1,54 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Package Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -n=0 -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - if [[ $n -lt 100 ]]; then - n=$((n+1)) - sleep 3 - else - echo "timeout waiting for kubeconfig to be present" - exit 1 - fi -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -if ! dnf_update; then - echo "dnf_update failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo "package update completed successfully" +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line132.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line132.sh index 80e54eeb701..f73ba22284e 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line132.sh 
+++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line132.sh @@ -1,6 +1,9 @@ [Unit] -Description=Package Update Service +Description=Runs package update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/mariner-package-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line139.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line139.sh index f73ba22284e..4d6cb87b4cd 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line139.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line139.sh @@ -1,9 +1,24 @@ -[Unit] -Description=Runs package update script periodically +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min +# -[Install] -WantedBy=multi-user.target \ No newline at end of file +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line146.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line146.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line146.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line146.sh 
@@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line153.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line153.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line153.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line153.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line160.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line160.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line160.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line160.sh 
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line167.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line205.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line205.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line205.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line212.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line212.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line212.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line212.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line219.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line219.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line219.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line304.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line297.sh similarity index 100% rename from pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line304.sh rename to pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line297.sh diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line318.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line311.sh similarity index 100% rename from pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=false/line318.sh rename to pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line311.sh diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line39.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line39.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line39.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line39.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line75.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line75.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line75.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line75.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line82.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line82.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line82.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line82.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line89.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line89.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line89.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line96.sh b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line96.sh +++ b/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/CustomData b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/CustomData index fa06e67289e..56aff4bd382 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/CustomData +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line103.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line103.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line103.sh 
@@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line110.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line110.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line110.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line110.sh 
@@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line117.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line117.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line117.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line118.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line118.sh new file mode 100644 index 00000000000..562b4e87d4f --- /dev/null +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line118.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +n=0 +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + if [[ $n -lt 100 ]]; then + n=$((n+1)) + sleep 3 + else + echo "timeout waiting for kubeconfig to be present" + exit 1 + fi +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +if ! dnf_update; then + echo "dnf_update failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo "package update completed successfully" 
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line125.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line125.sh index 562b4e87d4f..80e54eeb701 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line125.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line125.sh 
@@ -1,54 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Package Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-n=0
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- if [[ $n -lt 100 ]]; then
- n=$((n+1))
- sleep 3
- else
- echo "timeout waiting for kubeconfig to be present"
- exit 1
- fi
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-if ! dnf_update; then
- echo "dnf_update failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo "package update completed successfully"
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line132.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line132.sh
index 80e54eeb701..f73ba22284e 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line132.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line132.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Package Update Service
+Description=Runs package update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line139.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line139.sh
index f73ba22284e..4d6cb87b4cd 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line139.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line139.sh
@@ -1,9 +1,24 @@
-[Unit]
-Description=Runs package update script periodically
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
 
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
+#
 
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line146.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line146.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line146.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line146.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line153.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line153.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line153.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line153.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line160.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line160.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line160.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line160.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
 
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line167.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line167.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line167.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line205.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line205.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line205.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line212.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line212.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line212.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line212.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line219.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line219.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line219.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line304.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line297.sh
similarity index 100%
rename from pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line304.sh
rename to pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line297.sh
diff --git a/pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line318.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line311.sh
similarity index 100%
rename from pkg/agent/testdata/Marinerv2+DisableUnattendedUpgrades=true/line318.sh
rename to pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line311.sh
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line39.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line39.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line39.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line39.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line75.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line75.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line75.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line75.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line82.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line82.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line82.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line82.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line89.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line89.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line89.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line89.sh
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line96.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line96.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line96.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line96.sh
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/CustomData b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/CustomData index fa06e67289e..56aff4bd382 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/CustomData +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/CustomData @@ -36,7 +36,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  + 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 - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -67,13 +67,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line103.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line103.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line103.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line103.sh 
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line110.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line110.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line110.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line110.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
 
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line117.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line117.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line117.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line118.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line118.sh
new file mode 100644
index 00000000000..562b4e87d4f
--- /dev/null
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line118.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+n=0
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ if [[ $n -lt 100 ]]; then
+ n=$((n+1))
+ sleep 3
+ else
+ echo "timeout waiting for kubeconfig to be present"
+ exit 1
+ fi
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+if ! dnf_update; then
+ echo "dnf_update failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo "package update completed successfully"
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line125.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line125.sh
index 562b4e87d4f..80e54eeb701 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line125.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line125.sh
@@ -1,54 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Package Update Service
 
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-n=0
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- if [[ $n -lt 100 ]]; then
- n=$((n+1))
- sleep 3
- else
- echo "timeout waiting for kubeconfig to be present"
- exit 1
- fi
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-if ! dnf_update; then
- echo "dnf_update failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo "package update completed successfully"
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line132.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line132.sh
index 80e54eeb701..f73ba22284e 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line132.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line132.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Package Update Service
+Description=Runs package update script periodically
 
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/mariner-package-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line139.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line139.sh
index f73ba22284e..4d6cb87b4cd 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line139.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line139.sh
@@ -1,9 +1,24 @@
-[Unit]
-Description=Runs package update script periodically
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
 
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
+#
 
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line146.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line146.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line146.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line146.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line153.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line153.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line153.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line153.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line160.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line160.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line160.sh
+++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line160.sh
@@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line167.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line167.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line167.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF 
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line205.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line205.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line205.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line212.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line212.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line212.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line212.sh 
@@ -1,9 +1,51 @@ -[Unit] -Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode -After=containerd.service -After=kubelet.service -[Service] -Restart=on-failure -RestartSec=2 -ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh -#EOF +#!/bin/bash + + +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +if [[ $? -eq 0 ]]; then + echo "AKS-DEDUP-PROMISC rule already set" + exit 0 +fi +if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then + echo "cni config not up yet...exiting early" + exit 1 +fi + +bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") +promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") +if [[ "${promiscMode}" != "true" ]]; then + echo "bridge ${bridgeName} not in promiscuous mode...exiting early" + exit 0 +fi + +if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then + echo "bridge ${bridgeName} not up yet...exiting early" + exit 1 +fi + + +bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") +if [[ -z "${bridgeIP}" ]]; then + echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" + exit 1 +fi + +podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") +if [[ -z "${podSubnetAddr}" ]]; then + echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" + exit 1 +fi + +bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) + +echo "adding AKS-DEDUP-PROMISC ebtable chain" +ebtables -t filter -N AKS-DEDUP-PROMISC +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT +ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP +ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC + +echo 
"outputting newly added AKS-DEDUP-PROMISC rules:" +ebtables -t filter -L OUTPUT 2>/dev/null +ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null +exit 0 +#EOF \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line219.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line219.sh deleted file mode 100644 index c606af08d4c..00000000000 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line219.sh +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line304.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line297.sh similarity index 100% rename from pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line304.sh rename to pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line297.sh diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line318.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line311.sh similarity index 100% rename from pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=false/line318.sh rename to pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line311.sh diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line39.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line39.sh index c8d27be086a..67d3e31825b 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line39.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line39.sh @@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads" CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads" CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider" TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin" -MANIFEST_FILEPATH="/opt/azure/manifest.json" COMPONENTS_FILEPATH="/opt/azure/components.json" MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update" CURL_OUTPUT=/tmp/curl_verbose.out diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line75.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line75.sh index 01efed1dfe3..e69de29bb2d 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line75.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line75.sh @@ -1,2 +0,0 @@ -{} -#EOF 
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line82.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line82.sh index e69de29bb2d..84d8f8077d9 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line82.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line82.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line89.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line89.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line89.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line89.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line96.sh b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line96.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line96.sh +++ b/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line96.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/pkg/agent/testdata/RawUbuntu/CustomData b/pkg/agent/testdata/RawUbuntu/CustomData index 9e35c7d54f6..3f742f70bda 100644 --- a/pkg/agent/testdata/RawUbuntu/CustomData +++ b/pkg/agent/testdata/RawUbuntu/CustomData @@ -37,7 +37,7 @@ write_files: encoding: gzip owner: root content: !!binary | -  +  - path: /opt/azure/containers/provision_redact_cloud_config.py permissions: "0744" 
@@ -69,13 +69,6 @@ write_files: content: !!binary |  -- path: /opt/azure/manifest.json - permissions: "0644" - encoding: gzip - owner: root - content: !!binary | - H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA= - - path: /opt/azure/containers/init-aks-custom-cloud.sh permissions: "0744" encoding: gzip diff --git a/pkg/agent/testdata/RawUbuntu/line105.sh b/pkg/agent/testdata/RawUbuntu/line105.sh index dd335c71cfd..b02cff3e054 100644 --- a/pkg/agent/testdata/RawUbuntu/line105.sh +++ b/pkg/agent/testdata/RawUbuntu/line105.sh @@ -1,35 +1,10 @@ [Unit] -Description=Kubelet -ConditionPathExists=/usr/local/bin/kubelet -Wants=network-online.target containerd.service -After=network-online.target containerd.service +Description=Apply MIG configuration on Nvidia A100 GPU [Service] -Restart=always -RestartSec=2 -EnvironmentFile=/etc/default/kubelet -SuccessExitStatus=143 -ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh -ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh -ExecStartPre=/bin/mkdir -p /var/lib/kubelet -ExecStartPre=/bin/mkdir -p /var/lib/cni -ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" -ExecStartPre=/bin/mount --make-shared /var/lib/kubelet - -ExecStartPre=-/sbin/ebtables -t nat --list -ExecStartPre=-/sbin/iptables -t nat --numeric --list - -ExecStart=/usr/local/bin/kubelet \ - --enable-server \ - --node-labels="${KUBELET_NODE_LABELS}" \ - --v=2 \ - --volume-plugin-dir=/etc/kubernetes/volumeplugins \ - $KUBELET_TLS_BOOTSTRAP_FLAGS \ - $KUBELET_CONFIG_FILE_FLAGS \ - $KUBELET_CONTAINERD_FLAGS \ - $KUBELET_CONTAINER_RUNTIME_FLAG \ - $KUBELET_CGROUP_FLAGS \ - $KUBELET_FLAGS +Restart=on-failure +ExecStartPre=/usr/bin/nvidia-smi -mig 1 +ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} [Install] WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/RawUbuntu/line112.sh b/pkg/agent/testdata/RawUbuntu/line112.sh index b02cff3e054..d60b92d68b2 100644 --- a/pkg/agent/testdata/RawUbuntu/line112.sh +++ b/pkg/agent/testdata/RawUbuntu/line112.sh @@ -1,10 +1,27 @@ -[Unit] -Description=Apply MIG configuration on Nvidia A100 GPU +#!/bin/bash -[Service] -Restart=on-failure -ExecStartPre=/usr/bin/nvidia-smi -mig 1 -ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE} - -[Install] -WantedBy=multi-user.target +#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version +#TODO: Use mig-parted library to do the partition after the above issue is fixed +MIG_PROFILE=${1} +case ${MIG_PROFILE} in + "MIG1g") + nvidia-smi mig -cgi 19,19,19,19,19,19,19 + ;; + "MIG2g") + nvidia-smi mig -cgi 14,14,14 + ;; + "MIG3g") + nvidia-smi mig -cgi 9,9 + ;; + "MIG4g") + nvidia-smi mig -cgi 5 + ;; + "MIG7g") + nvidia-smi mig -cgi 0 + ;; + *) + echo "not a valid GPU instance profile" + exit 1 + ;; +esac +nvidia-smi mig -cci \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntu/line119.sh b/pkg/agent/testdata/RawUbuntu/line119.sh deleted file mode 100644 index d60b92d68b2..00000000000 --- a/pkg/agent/testdata/RawUbuntu/line119.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version -#TODO: Use mig-parted library to do the partition after the above issue is fixed -MIG_PROFILE=${1} -case ${MIG_PROFILE} in - "MIG1g") - nvidia-smi mig -cgi 19,19,19,19,19,19,19 - ;; - "MIG2g") - nvidia-smi mig -cgi 14,14,14 - ;; - "MIG3g") - nvidia-smi mig -cgi 9,9 - ;; - "MIG4g") - nvidia-smi mig -cgi 5 - ;; - "MIG7g") - nvidia-smi mig -cgi 0 - ;; - *) - echo "not a valid GPU instance profile" - exit 1 - ;; -esac -nvidia-smi mig -cci \ No newline at end of file 
diff --git a/pkg/agent/testdata/RawUbuntu/line120.sh b/pkg/agent/testdata/RawUbuntu/line120.sh new file mode 100644 index 00000000000..7605397f84c --- /dev/null +++ b/pkg/agent/testdata/RawUbuntu/line120.sh 
@@ -0,0 +1,99 @@ +#!/usr/bin/env bash + +set -o nounset +set -e + +source /opt/azure/containers/provision_source_distro.sh + +unattended_upgrade() { + retries=10 + for i in $(seq 1 $retries); do + unattended-upgrade -v && break + if [ $i -eq $retries ]; then + return 1 + else sleep 5 + fi + done + echo Executed unattended upgrade $i times +} + +cfg_has_option() { + file=$1 + option=$2 + line=$(sed -n "/^$option:/ p" "$file") + [ -n "$line" ] +} + +cfg_set_option() { + file=$1 + option=$2 + value=$3 + if ! cfg_has_option "$file" "$option"; then + echo "$option: $value" >> "$file" + else + sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" + fi +} + +KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" + +source_list_path=/etc/apt/sources.list +source_list_backup_path=/etc/apt/sources.list.backup +cloud_cfg_path=/etc/cloud/cloud.cfg + +while [ ! -f /var/lib/kubelet/kubeconfig ]; do + echo 'Waiting for TLS bootstrapping' + sleep 3 +done + +node_name=$(hostname) +if [ -z "${node_name}" ]; then + echo "cannot get node name" + exit 1 +fi + +node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') + +golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") +if [ -z "${golden_timestamp}" ]; then + echo "golden timestamp is not set, skip live patching" + exit 0 +fi +echo "golden timestamp is: ${golden_timestamp}" + +current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") +if [ -n "${current_timestamp}" ]; then + echo "current timestamp is: ${current_timestamp}" + + if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then + echo "golden and current timestamp is the same, nothing to patch" + exit 0 + fi +fi + +old_source_list=$(cat ${source_list_path}) +sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} +option=apt_preserve_sources_list +option_value=true +cfg_set_option ${cloud_cfg_path} ${option} ${option_value} + +new_source_list=$(cat ${source_list_path}) +if [[ "${old_source_list}" != "${new_source_list}" ]]; then + echo "$old_source_list" > ${source_list_backup_path} + echo "/etc/apt/sources.list is updated:" + diff ${source_list_backup_path} ${source_list_path} || true +fi + +if ! apt_get_update; then + echo "apt_get_update failed" + exit 1 +fi +if ! unattended_upgrade; then + echo "unattended_upgrade failed" + exit 1 +fi + +$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} + +echo snapshot update completed successfully diff --git a/pkg/agent/testdata/RawUbuntu/line127.sh b/pkg/agent/testdata/RawUbuntu/line127.sh index 7605397f84c..15be92f982a 100644 --- a/pkg/agent/testdata/RawUbuntu/line127.sh +++ b/pkg/agent/testdata/RawUbuntu/line127.sh 
@@ -1,99 +1,6 @@ -#!/usr/bin/env bash +[Unit] +Description=Snapshot Update Service -set -o nounset -set -e - -source /opt/azure/containers/provision_source_distro.sh - -unattended_upgrade() { - retries=10 - for i in $(seq 1 $retries); do - unattended-upgrade -v && break - if [ $i -eq $retries ]; then - return 1 - else sleep 5 - fi - done - echo Executed unattended upgrade $i times -} - -cfg_has_option() { - file=$1 - option=$2 - line=$(sed -n "/^$option:/ p" "$file") - [ -n "$line" ] -} - -cfg_set_option() { - file=$1 - option=$2 - value=$3 - if ! cfg_has_option "$file" "$option"; then - echo "$option: $value" >> "$file" - else - sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file" - fi -} - -KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig" - -source_list_path=/etc/apt/sources.list -source_list_backup_path=/etc/apt/sources.list.backup -cloud_cfg_path=/etc/cloud/cloud.cfg - -while [ ! -f /var/lib/kubelet/kubeconfig ]; do - echo 'Waiting for TLS bootstrapping' - sleep 3 -done - -node_name=$(hostname) -if [ -z "${node_name}" ]; then - echo "cannot get node name" - exit 1 -fi - -node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]') - -golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}") -if [ -z "${golden_timestamp}" ]; then - echo "golden timestamp is not set, skip live patching" - exit 0 -fi -echo "golden timestamp is: ${golden_timestamp}" - -current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}") -if [ -n "${current_timestamp}" ]; then - echo "current timestamp is: ${current_timestamp}" - - if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then - echo "golden and current timestamp is the same, nothing to patch" - exit 0 - fi -fi - -old_source_list=$(cat ${source_list_path}) -sed -i 
's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path} -option=apt_preserve_sources_list -option_value=true -cfg_set_option ${cloud_cfg_path} ${option} ${option_value} - -new_source_list=$(cat ${source_list_path}) -if [[ "${old_source_list}" != "${new_source_list}" ]]; then - echo "$old_source_list" > ${source_list_backup_path} - echo "/etc/apt/sources.list is updated:" - diff ${source_list_backup_path} ${source_list_path} || true -fi - -if ! apt_get_update; then - echo "apt_get_update failed" - exit 1 -fi -if ! unattended_upgrade; then - echo "unattended_upgrade failed" - exit 1 -fi - -$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp} - -echo snapshot update completed successfully +[Service] +Type=oneshot +ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntu/line134.sh b/pkg/agent/testdata/RawUbuntu/line134.sh index 15be92f982a..2f855de5428 100644 --- a/pkg/agent/testdata/RawUbuntu/line134.sh +++ b/pkg/agent/testdata/RawUbuntu/line134.sh @@ -1,6 +1,9 @@ [Unit] -Description=Snapshot Update Service +Description=Runs snapshot update script periodically -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh \ No newline at end of file +[Timer] +OnBootSec=10min +OnUnitActiveSec=10min + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntu/line141.sh b/pkg/agent/testdata/RawUbuntu/line141.sh deleted file mode 100644 index 2f855de5428..00000000000 --- a/pkg/agent/testdata/RawUbuntu/line141.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -[Unit] -Description=Runs snapshot update script periodically - -[Timer] -OnBootSec=10min -OnUnitActiveSec=10min - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntu/line142.sh b/pkg/agent/testdata/RawUbuntu/line142.sh new file mode 100644 index 00000000000..4d6cb87b4cd --- /dev/null +++ b/pkg/agent/testdata/RawUbuntu/line142.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -o errexit +set -o nounset +set -o pipefail +set -x + +# + +MOUNT_POINT="/mnt/aks" + +KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" +KUBELET_DIR="/var/lib/kubelet" + +mkdir -p "${MOUNT_POINT}" + +SENTINEL_FILE="/opt/azure/containers/bind-sentinel" +if [ ! -e "$SENTINEL_FILE" ]; then + mv "$KUBELET_DIR" "$MOUNT_POINT" + touch "$SENTINEL_FILE" +fi + +mkdir -p "${KUBELET_DIR}" +mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" +chmod a+w "${KUBELET_DIR}" \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntu/line149.sh b/pkg/agent/testdata/RawUbuntu/line149.sh index 4d6cb87b4cd..019b0dfc0e2 100644 --- a/pkg/agent/testdata/RawUbuntu/line149.sh +++ b/pkg/agent/testdata/RawUbuntu/line149.sh @@ -1,24 +1,10 @@ -#!/usr/bin/env bash -set -o errexit -set -o nounset -set -o pipefail -set -x - -# - -MOUNT_POINT="/mnt/aks" - -KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet" -KUBELET_DIR="/var/lib/kubelet" - -mkdir -p "${MOUNT_POINT}" - -SENTINEL_FILE="/opt/azure/containers/bind-sentinel" -if [ ! -e "$SENTINEL_FILE" ]; then - mv "$KUBELET_DIR" "$MOUNT_POINT" - touch "$SENTINEL_FILE" -fi - -mkdir -p "${KUBELET_DIR}" -mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}" -chmod a+w "${KUBELET_DIR}" \ No newline at end of file +[Unit] +Description=Bind mount kubelet data +[Service] +Restart=on-failure +RemainAfterExit=yes +Type=oneshot +ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh + +[Install] +WantedBy=multi-user.target 
diff --git a/pkg/agent/testdata/RawUbuntu/line156.sh b/pkg/agent/testdata/RawUbuntu/line156.sh index 019b0dfc0e2..7cc1e25064c 100644 --- a/pkg/agent/testdata/RawUbuntu/line156.sh +++ b/pkg/agent/testdata/RawUbuntu/line156.sh @@ -1,10 +1,11 @@ [Unit] -Description=Bind mount kubelet data +Description=enabledhcpv6 +After=network-online.target + [Service] -Restart=on-failure -RemainAfterExit=yes Type=oneshot -ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh +ExecStart=/opt/azure/containers/enable-dhcpv6.sh [Install] WantedBy=multi-user.target +#EOF diff --git a/pkg/agent/testdata/RawUbuntu/line163.sh b/pkg/agent/testdata/RawUbuntu/line163.sh index 7cc1e25064c..e13d68920d0 100644 --- a/pkg/agent/testdata/RawUbuntu/line163.sh +++ b/pkg/agent/testdata/RawUbuntu/line163.sh @@ -1,11 +1,27 @@ -[Unit] -Description=enabledhcpv6 -After=network-online.target +#!/usr/bin/env bash -[Service] -Type=oneshot -ExecStart=/opt/azure/containers/enable-dhcpv6.sh +set -e +set -o pipefail +set -u -[Install] -WantedBy=multi-user.target +DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf +CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg + +read -r -d '' NETWORK_CONFIGURATION << EOC || true +iface eth0 inet6 auto + up sleep 5 + up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true +EOC + +add_if_not_exists() { + grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" +} + +echo "Configuring dhcpv6 ..." + +touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ + add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ + sudo ifdown eth0 && sudo ifup eth0 + +echo "Configuration complete" #EOF diff --git a/pkg/agent/testdata/RawUbuntu/line170.sh b/pkg/agent/testdata/RawUbuntu/line170.sh deleted file mode 100644 index e13d68920d0..00000000000 --- a/pkg/agent/testdata/RawUbuntu/line170.sh +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail -set -u - -DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf -CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg - -read -r -d '' NETWORK_CONFIGURATION << EOC || true -iface eth0 inet6 auto - up sleep 5 - up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true -EOC - -add_if_not_exists() { - grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}" -} - -echo "Configuring dhcpv6 ..." - -touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \ - add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \ - sudo ifdown eth0 && sudo ifup eth0 - -echo "Configuration complete" -#EOF diff --git a/pkg/agent/testdata/RawUbuntu/line208.sh b/pkg/agent/testdata/RawUbuntu/line208.sh new file mode 100644 index 00000000000..ceb0ddeb979 --- /dev/null +++ b/pkg/agent/testdata/RawUbuntu/line208.sh @@ -0,0 +1,9 @@ +[Unit] +Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode +After=containerd.service +After=kubelet.service +[Service] +Restart=on-failure +RestartSec=2 +ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh +#EOF diff --git a/pkg/agent/testdata/RawUbuntu/line215.sh b/pkg/agent/testdata/RawUbuntu/line215.sh index ceb0ddeb979..c606af08d4c 100644 --- a/pkg/agent/testdata/RawUbuntu/line215.sh +++ b/pkg/agent/testdata/RawUbuntu/line215.sh 
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntu/line222.sh b/pkg/agent/testdata/RawUbuntu/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/RawUbuntu/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-if [[ $? -eq 0 ]]; then
- echo "AKS-DEDUP-PROMISC rule already set"
- exit 0
-fi
-if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
- echo "cni config not up yet...exiting early"
- exit 1
-fi
-
-bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
-promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
-if [[ "${promiscMode}" != "true" ]]; then
- echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
- exit 0
-fi
-
-if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
- echo "bridge ${bridgeName} not up yet...exiting early"
- exit 1
-fi
-
-
-bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
-if [[ -z "${bridgeIP}" ]]; then
- echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
- exit 1
-fi
-
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
-if [[ -z "${podSubnetAddr}" ]]; then
- echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
- exit 1
-fi
-
-bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
-
-echo "adding AKS-DEDUP-PROMISC ebtable chain"
-ebtables -t filter -N AKS-DEDUP-PROMISC
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
-ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
-ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
-
-echo "outputting newly added AKS-DEDUP-PROMISC rules:"
-ebtables -t filter -L OUTPUT 2>/dev/null
-ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
-exit 0
-#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line304.sh b/pkg/agent/testdata/RawUbuntu/line301.sh
similarity index 100%
rename from pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line304.sh
rename to pkg/agent/testdata/RawUbuntu/line301.sh
diff --git a/pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line318.sh b/pkg/agent/testdata/RawUbuntu/line315.sh
similarity index 100%
rename from pkg/agent/testdata/Marinerv2+Kata+DisableUnattendedUpgrades=true/line318.sh
rename to pkg/agent/testdata/RawUbuntu/line315.sh
diff --git a/pkg/agent/testdata/RawUbuntu/line40.sh b/pkg/agent/testdata/RawUbuntu/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/RawUbuntu/line40.sh
+++ b/pkg/agent/testdata/RawUbuntu/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/RawUbuntu/line77.sh b/pkg/agent/testdata/RawUbuntu/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/RawUbuntu/line77.sh
+++ b/pkg/agent/testdata/RawUbuntu/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/RawUbuntu/line84.sh b/pkg/agent/testdata/RawUbuntu/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/RawUbuntu/line84.sh
+++ b/pkg/agent/testdata/RawUbuntu/line84.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+set -o nounset
+set -o pipefail
+
+get-apiserver-ip-from-tags() {
+ tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
+ if [ "$?" == "0" ]; then
+ IFS=";" read -ra tagList <<< "$tags"
+ for i in "${tagList[@]}"; do
+ tagKey=$(cut -d":" -f1 <<<$i)
+ tagValue=$(cut -d":" -f2 <<<$i)
+ if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
+ echo -n "$tagValue"
+ return
+ fi
+ done
+ fi
+ echo -n ""
+}
+
+SLEEP_SECONDS=15
+clusterFQDN="${KUBE_API_SERVER_NAME}"
+if [[ $clusterFQDN != *.privatelink.* ]]; then
+ echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
+ exit 0
+fi
+echo "clusterFQDN: $clusterFQDN"
+
+while true; do
+ clusterIP=$(get-apiserver-ip-from-tags)
+ if [ -z $clusterIP ]; then
+ sleep "${SLEEP_SECONDS}"
+ continue
+ fi
+ if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
+ echo -n ""
+ else
+ sudo sed -i "/$clusterFQDN/d" /etc/hosts
+ echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
+ echo "Updated $clusterFQDN to $clusterIP"
+ fi
+ sleep "${SLEEP_SECONDS}"
+done
+
+#EOF
diff --git a/pkg/agent/testdata/RawUbuntu/line91.sh b/pkg/agent/testdata/RawUbuntu/line91.sh
index 84d8f8077d9..a529b626472 100644
--- a/pkg/agent/testdata/RawUbuntu/line91.sh
+++ b/pkg/agent/testdata/RawUbuntu/line91.sh
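Review bot: The value appended with `echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts` is whatever get-apiserver-ip-from-tags extracted from the IMDS `aksAPIServerIPAddress` tag, and nothing checks that it is actually an IPv4 address before it is written into the resolver file or used as a `grep -q` pattern; `[ -z $clusterIP ]` is also unquoted, so a value containing spaces breaks the test instead of being rejected. A shape check right after the assignment, `if [[ ! "$clusterIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then sleep "${SLEEP_SECONDS}"; continue; fi`, keeps malformed tag data out of /etc/hosts, and `cut -d":" -f2` would truncate any tag value containing a colon, so `-f2-` is the safer field selector. This is a rendered test fixture under pkg/agent/testdata, so the change belongs in the template the fixture is generated from; the same script body reappears in the RawUbuntuContainerd line84.sh section, whose hunk lies past the end of this chunk.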
@@ -1,46 +1,8 @@
-#!/bin/bash
-
-set -o nounset
-set -o pipefail
-
-get-apiserver-ip-from-tags() {
- tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
- if [ "$?" == "0" ]; then
- IFS=";" read -ra tagList <<< "$tags"
- for i in "${tagList[@]}"; do
- tagKey=$(cut -d":" -f1 <<<$i)
- tagValue=$(cut -d":" -f2 <<<$i)
- if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then
- echo -n "$tagValue"
- return
- fi
- done
- fi
- echo -n ""
-}
-
-SLEEP_SECONDS=15
-clusterFQDN="${KUBE_API_SERVER_NAME}"
-if [[ $clusterFQDN != *.privatelink.* ]]; then
- echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
- exit 0
-fi
-echo "clusterFQDN: $clusterFQDN"
-
-while true; do
- clusterIP=$(get-apiserver-ip-from-tags)
- if [ -z $clusterIP ]; then
- sleep "${SLEEP_SECONDS}"
- continue
- fi
- if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then
- echo -n ""
- else
- sudo sed -i "/$clusterFQDN/d" /etc/hosts
- echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null
- echo "Updated $clusterFQDN to $clusterIP"
- fi
- sleep "${SLEEP_SECONDS}"
-done
-
-#EOF
+[Unit]
+Description=Reconcile /etc/hosts file for private cluster
+[Service]
+Type=simple
+Restart=on-failure
+ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntu/line98.sh b/pkg/agent/testdata/RawUbuntu/line98.sh
index a529b626472..dd335c71cfd 100644
--- a/pkg/agent/testdata/RawUbuntu/line98.sh
+++ b/pkg/agent/testdata/RawUbuntu/line98.sh
@@ -1,8 +1,35 @@
 [Unit]
-Description=Reconcile /etc/hosts file for private cluster
+Description=Kubelet
+ConditionPathExists=/usr/local/bin/kubelet
+Wants=network-online.target containerd.service
+After=network-online.target containerd.service
+
 [Service]
-Type=simple
-Restart=on-failure
-ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
+Restart=always
+RestartSec=2
+EnvironmentFile=/etc/default/kubelet
+SuccessExitStatus=143
+ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
+ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
+ExecStartPre=/bin/mkdir -p /var/lib/kubelet
+ExecStartPre=/bin/mkdir -p /var/lib/cni
+ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
+ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
+
+ExecStartPre=-/sbin/ebtables -t nat --list
+ExecStartPre=-/sbin/iptables -t nat --numeric --list
+
+ExecStart=/usr/local/bin/kubelet \
+ --enable-server \
+ --node-labels="${KUBELET_NODE_LABELS}" \
+ --v=2 \
+ --volume-plugin-dir=/etc/kubernetes/volumeplugins \
+ $KUBELET_TLS_BOOTSTRAP_FLAGS \
+ $KUBELET_CONFIG_FILE_FLAGS \
+ $KUBELET_CONTAINERD_FLAGS \
+ $KUBELET_CONTAINER_RUNTIME_FLAG \
+ $KUBELET_CGROUP_FLAGS \
+ $KUBELET_FLAGS
+
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/CustomData b/pkg/agent/testdata/RawUbuntuContainerd/CustomData
index 954591253ea..c8ba47595e3 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/CustomData
+++ b/pkg/agent/testdata/RawUbuntuContainerd/CustomData
@@ -37,7 +37,7 @@ write_files:
 encoding: gzip
 owner: root
 content: !!binary |
- 
+ 
 - path: /opt/azure/containers/provision_redact_cloud_config.py
 permissions: "0744"
@@ -69,13 +69,6 @@ write_files:
 content: !!binary |
 
-- path: /opt/azure/manifest.json
- permissions: "0644"
- encoding: gzip
- owner: root
- content: !!binary |
- H4sIAAAAAAAC/6qu5VJ29XfjAgQAAP//mfanrwgAAAA=
-
 - path: /opt/azure/containers/init-aks-custom-cloud.sh
 permissions: "0744"
 encoding: gzip
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line105.sh b/pkg/agent/testdata/RawUbuntuContainerd/line105.sh
index dd335c71cfd..b02cff3e054 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line105.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line105.sh
@@ -1,35 +1,10 @@
 [Unit]
-Description=Kubelet
-ConditionPathExists=/usr/local/bin/kubelet
-Wants=network-online.target containerd.service
-After=network-online.target containerd.service
+Description=Apply MIG configuration on Nvidia A100 GPU
 [Service]
-Restart=always
-RestartSec=2
-EnvironmentFile=/etc/default/kubelet
-SuccessExitStatus=143
-ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh
-ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh
-ExecStartPre=/bin/mkdir -p /var/lib/kubelet
-ExecStartPre=/bin/mkdir -p /var/lib/cni
-ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi"
-ExecStartPre=/bin/mount --make-shared /var/lib/kubelet
-
-ExecStartPre=-/sbin/ebtables -t nat --list
-ExecStartPre=-/sbin/iptables -t nat --numeric --list
-
-ExecStart=/usr/local/bin/kubelet \
- --enable-server \
- --node-labels="${KUBELET_NODE_LABELS}" \
- --v=2 \
- --volume-plugin-dir=/etc/kubernetes/volumeplugins \
- $KUBELET_TLS_BOOTSTRAP_FLAGS \
- $KUBELET_CONFIG_FILE_FLAGS \
- $KUBELET_CONTAINERD_FLAGS \
- $KUBELET_CONTAINER_RUNTIME_FLAG \
- $KUBELET_CGROUP_FLAGS \
- $KUBELET_FLAGS
+Restart=on-failure
+ExecStartPre=/usr/bin/nvidia-smi -mig 1
+ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line112.sh b/pkg/agent/testdata/RawUbuntuContainerd/line112.sh
index b02cff3e054..d60b92d68b2 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line112.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line112.sh
@@ -1,10 +1,27 @@
-[Unit]
-Description=Apply MIG configuration on Nvidia A100 GPU
+#!/bin/bash
-[Service]
-Restart=on-failure
-ExecStartPre=/usr/bin/nvidia-smi -mig 1
-ExecStart=/bin/bash /opt/azure/containers/mig-partition.sh ${GPU_INSTANCE_PROFILE}
-
-[Install]
-WantedBy=multi-user.target
+#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
+#TODO: Use mig-parted library to do the partition after the above issue is fixed
+MIG_PROFILE=${1}
+case ${MIG_PROFILE} in
+ "MIG1g")
+ nvidia-smi mig -cgi 19,19,19,19,19,19,19
+ ;;
+ "MIG2g")
+ nvidia-smi mig -cgi 14,14,14
+ ;;
+ "MIG3g")
+ nvidia-smi mig -cgi 9,9
+ ;;
+ "MIG4g")
+ nvidia-smi mig -cgi 5
+ ;;
+ "MIG7g")
+ nvidia-smi mig -cgi 0
+ ;;
+ *)
+ echo "not a valid GPU instance profile"
+ exit 1
+ ;;
+esac
+nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line119.sh b/pkg/agent/testdata/RawUbuntuContainerd/line119.sh
deleted file mode 100644
index d60b92d68b2..00000000000
--- a/pkg/agent/testdata/RawUbuntuContainerd/line119.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-#NOTE: Currently, Nvidia library mig-parted (https://github.com/NVIDIA/mig-parted) cannot work properly because of the outdated GPU driver version
-#TODO: Use mig-parted library to do the partition after the above issue is fixed
-MIG_PROFILE=${1}
-case ${MIG_PROFILE} in
- "MIG1g")
- nvidia-smi mig -cgi 19,19,19,19,19,19,19
- ;;
- "MIG2g")
- nvidia-smi mig -cgi 14,14,14
- ;;
- "MIG3g")
- nvidia-smi mig -cgi 9,9
- ;;
- "MIG4g")
- nvidia-smi mig -cgi 5
- ;;
- "MIG7g")
- nvidia-smi mig -cgi 0
- ;;
- *)
- echo "not a valid GPU instance profile"
- exit 1
- ;;
-esac
-nvidia-smi mig -cci
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line120.sh b/pkg/agent/testdata/RawUbuntuContainerd/line120.sh
new file mode 100644
index 00000000000..7605397f84c
--- /dev/null
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line120.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -e
+
+source /opt/azure/containers/provision_source_distro.sh
+
+unattended_upgrade() {
+ retries=10
+ for i in $(seq 1 $retries); do
+ unattended-upgrade -v && break
+ if [ $i -eq $retries ]; then
+ return 1
+ else sleep 5
+ fi
+ done
+ echo Executed unattended upgrade $i times
+}
+
+cfg_has_option() {
+ file=$1
+ option=$2
+ line=$(sed -n "/^$option:/ p" "$file")
+ [ -n "$line" ]
+}
+
+cfg_set_option() {
+ file=$1
+ option=$2
+ value=$3
+ if ! cfg_has_option "$file" "$option"; then
+ echo "$option: $value" >> "$file"
+ else
+ sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
+ fi
+}
+
+KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
+
+source_list_path=/etc/apt/sources.list
+source_list_backup_path=/etc/apt/sources.list.backup
+cloud_cfg_path=/etc/cloud/cloud.cfg
+
+while [ ! -f /var/lib/kubelet/kubeconfig ]; do
+ echo 'Waiting for TLS bootstrapping'
+ sleep 3
+done
+
+node_name=$(hostname)
+if [ -z "${node_name}" ]; then
+ echo "cannot get node name"
+ exit 1
+fi
+
+node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
+
+golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
+if [ -z "${golden_timestamp}" ]; then
+ echo "golden timestamp is not set, skip live patching"
+ exit 0
+fi
+echo "golden timestamp is: ${golden_timestamp}"
+
+current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
+if [ -n "${current_timestamp}" ]; then
+ echo "current timestamp is: ${current_timestamp}"
+
+ if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
+ echo "golden and current timestamp is the same, nothing to patch"
+ exit 0
+ fi
+fi
+
+old_source_list=$(cat ${source_list_path})
+sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
+option=apt_preserve_sources_list
+option_value=true
+cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
+
+new_source_list=$(cat ${source_list_path})
+if [[ "${old_source_list}" != "${new_source_list}" ]]; then
+ echo "$old_source_list" > ${source_list_backup_path}
+ echo "/etc/apt/sources.list is updated:"
+ diff ${source_list_backup_path} ${source_list_path} || true
+fi
+
+if ! apt_get_update; then
+ echo "apt_get_update failed"
+ exit 1
+fi
+if ! unattended_upgrade; then
+ echo "unattended_upgrade failed"
+ exit 1
+fi
+
+$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
+
+echo snapshot update completed successfully
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line127.sh b/pkg/agent/testdata/RawUbuntuContainerd/line127.sh
index 7605397f84c..15be92f982a 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line127.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line127.sh
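Review bot: `golden_timestamp` is read from the node annotation `kubernetes.azure.com/live-patching-golden-timestamp` and spliced straight into the two `sed -i` expressions that rewrite /etc/apt/sources.list, with only the `-z` emptiness check in between; the second expression already documents the expected shape `[0-9]{8}T[0-9]{6}Z`, so a value that does not match should be rejected before any file is edited, e.g. `if [[ ! "${golden_timestamp}" =~ ^[0-9]{8}T[0-9]{6}Z$ ]]; then echo "invalid golden timestamp: ${golden_timestamp}"; exit 1; fi` right after the existing `-z` test. The same value is later written back with `$KUBECTL annotate`, so the check also keeps a malformed annotation from being propagated into the current-timestamp annotation. This is a rendered test fixture, so the fix belongs in the ubuntu-snapshot-update.sh template it is generated from; the removed copy of the same script in the next hunk (line127.sh) needs nothing.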
@@ -1,99 +1,6 @@
-#!/usr/bin/env bash
+[Unit]
+Description=Snapshot Update Service
-set -o nounset
-set -e
-
-source /opt/azure/containers/provision_source_distro.sh
-
-unattended_upgrade() {
- retries=10
- for i in $(seq 1 $retries); do
- unattended-upgrade -v && break
- if [ $i -eq $retries ]; then
- return 1
- else sleep 5
- fi
- done
- echo Executed unattended upgrade $i times
-}
-
-cfg_has_option() {
- file=$1
- option=$2
- line=$(sed -n "/^$option:/ p" "$file")
- [ -n "$line" ]
-}
-
-cfg_set_option() {
- file=$1
- option=$2
- value=$3
- if ! cfg_has_option "$file" "$option"; then
- echo "$option: $value" >> "$file"
- else
- sed -i 's/'"$option"':.*$/'"$option: $value"'/g' "$file"
- fi
-}
-
-KUBECTL="/usr/local/bin/kubectl --kubeconfig /var/lib/kubelet/kubeconfig"
-
-source_list_path=/etc/apt/sources.list
-source_list_backup_path=/etc/apt/sources.list.backup
-cloud_cfg_path=/etc/cloud/cloud.cfg
-
-while [ ! -f /var/lib/kubelet/kubeconfig ]; do
- echo 'Waiting for TLS bootstrapping'
- sleep 3
-done
-
-node_name=$(hostname)
-if [ -z "${node_name}" ]; then
- echo "cannot get node name"
- exit 1
-fi
-
-node_name=$(echo "$node_name" | tr '[:upper:]' '[:lower:]')
-
-golden_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-golden-timestamp']}")
-if [ -z "${golden_timestamp}" ]; then
- echo "golden timestamp is not set, skip live patching"
- exit 0
-fi
-echo "golden timestamp is: ${golden_timestamp}"
-
-current_timestamp=$($KUBECTL get node ${node_name} -o jsonpath="{.metadata.annotations['kubernetes\.azure\.com/live-patching-current-timestamp']}")
-if [ -n "${current_timestamp}" ]; then
- echo "current timestamp is: ${current_timestamp}"
-
- if [[ "${golden_timestamp}" == "${current_timestamp}" ]]; then
- echo "golden and current timestamp is the same, nothing to patch"
- exit 0
- fi
-fi
-
-old_source_list=$(cat ${source_list_path})
-sed -i 's/http:\/\/azure.archive.ubuntu.com\/ubuntu\//https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-sed -i 's/https:\/\/snapshot.ubuntu.com\/ubuntu\/\([0-9]\{8\}T[0-9]\{6\}Z\)/https:\/\/snapshot.ubuntu.com\/ubuntu\/'"${golden_timestamp}"'/g' ${source_list_path}
-option=apt_preserve_sources_list
-option_value=true
-cfg_set_option ${cloud_cfg_path} ${option} ${option_value}
-
-new_source_list=$(cat ${source_list_path})
-if [[ "${old_source_list}" != "${new_source_list}" ]]; then
- echo "$old_source_list" > ${source_list_backup_path}
- echo "/etc/apt/sources.list is updated:"
- diff ${source_list_backup_path} ${source_list_path} || true
-fi
-
-if ! apt_get_update; then
- echo "apt_get_update failed"
- exit 1
-fi
-if ! unattended_upgrade; then
- echo "unattended_upgrade failed"
- exit 1
-fi
-
-$KUBECTL annotate --overwrite node ${node_name} kubernetes.azure.com/live-patching-current-timestamp=${golden_timestamp}
-
-echo snapshot update completed successfully
+[Service]
+Type=oneshot
+ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line134.sh b/pkg/agent/testdata/RawUbuntuContainerd/line134.sh
index 15be92f982a..2f855de5428 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line134.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line134.sh
@@ -1,6 +1,9 @@
 [Unit]
-Description=Snapshot Update Service
+Description=Runs snapshot update script periodically
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/ubuntu-snapshot-update.sh
\ No newline at end of file
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=10min
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line141.sh b/pkg/agent/testdata/RawUbuntuContainerd/line141.sh
deleted file mode 100644
index 2f855de5428..00000000000
--- a/pkg/agent/testdata/RawUbuntuContainerd/line141.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Runs snapshot update script periodically
-
-[Timer]
-OnBootSec=10min
-OnUnitActiveSec=10min
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line142.sh b/pkg/agent/testdata/RawUbuntuContainerd/line142.sh
new file mode 100644
index 00000000000..4d6cb87b4cd
--- /dev/null
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line142.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o nounset
+set -o pipefail
+set -x
+
+#
+
+MOUNT_POINT="/mnt/aks"
+
+KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
+KUBELET_DIR="/var/lib/kubelet"
+
+mkdir -p "${MOUNT_POINT}"
+
+SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
+if [ ! -e "$SENTINEL_FILE" ]; then
+ mv "$KUBELET_DIR" "$MOUNT_POINT"
+ touch "$SENTINEL_FILE"
+fi
+
+mkdir -p "${KUBELET_DIR}"
+mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
+chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line149.sh b/pkg/agent/testdata/RawUbuntuContainerd/line149.sh
index 4d6cb87b4cd..019b0dfc0e2 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line149.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line149.sh
@@ -1,24 +1,10 @@
-#!/usr/bin/env bash
-set -o errexit
-set -o nounset
-set -o pipefail
-set -x
-
-#
-
-MOUNT_POINT="/mnt/aks"
-
-KUBELET_MOUNT_POINT="${MOUNT_POINT}/kubelet"
-KUBELET_DIR="/var/lib/kubelet"
-
-mkdir -p "${MOUNT_POINT}"
-
-SENTINEL_FILE="/opt/azure/containers/bind-sentinel"
-if [ ! -e "$SENTINEL_FILE" ]; then
- mv "$KUBELET_DIR" "$MOUNT_POINT"
- touch "$SENTINEL_FILE"
-fi
-
-mkdir -p "${KUBELET_DIR}"
-mount --bind "${KUBELET_MOUNT_POINT}" "${KUBELET_DIR}"
-chmod a+w "${KUBELET_DIR}"
\ No newline at end of file
+[Unit]
+Description=Bind mount kubelet data
+[Service]
+Restart=on-failure
+RemainAfterExit=yes
+Type=oneshot
+ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line156.sh b/pkg/agent/testdata/RawUbuntuContainerd/line156.sh
index 019b0dfc0e2..7cc1e25064c 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line156.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line156.sh
@@ -1,10 +1,11 @@
 [Unit]
-Description=Bind mount kubelet data
+Description=enabledhcpv6
+After=network-online.target
+
 [Service]
-Restart=on-failure
-RemainAfterExit=yes
 Type=oneshot
-ExecStart=/bin/bash /opt/azure/containers/bind-mount.sh
+ExecStart=/opt/azure/containers/enable-dhcpv6.sh
 [Install]
 WantedBy=multi-user.target
+#EOF
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line163.sh b/pkg/agent/testdata/RawUbuntuContainerd/line163.sh
index 7cc1e25064c..e13d68920d0 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line163.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line163.sh
@@ -1,11 +1,27 @@
-[Unit]
-Description=enabledhcpv6
-After=network-online.target
+#!/usr/bin/env bash
-[Service]
-Type=oneshot
-ExecStart=/opt/azure/containers/enable-dhcpv6.sh
+set -e
+set -o pipefail
+set -u
-[Install]
-WantedBy=multi-user.target
+DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
+CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
+
+read -r -d '' NETWORK_CONFIGURATION << EOC || true
+iface eth0 inet6 auto
+ up sleep 5
+ up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
+EOC
+
+add_if_not_exists() {
+ grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
+}
+
+echo "Configuring dhcpv6 ..."
+
+touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
+ add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
+ sudo ifdown eth0 && sudo ifup eth0
+
+echo "Configuration complete"
 #EOF
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line170.sh b/pkg/agent/testdata/RawUbuntuContainerd/line170.sh
deleted file mode 100644
index e13d68920d0..00000000000
--- a/pkg/agent/testdata/RawUbuntuContainerd/line170.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-set -u
-
-DHCLIENT6_CONF_FILE=/etc/dhcp/dhclient6.conf
-CLOUD_INIT_CFG=/etc/network/interfaces.d/50-cloud-init.cfg
-
-read -r -d '' NETWORK_CONFIGURATION << EOC || true
-iface eth0 inet6 auto
- up sleep 5
- up dhclient -1 -6 -cf /etc/dhcp/dhclient6.conf -lf /var/lib/dhcp/dhclient6.eth0.leases -v eth0 || true
-EOC
-
-add_if_not_exists() {
- grep -qxF "${1}" "${2}" || echo "${1}" >> "${2}"
-}
-
-echo "Configuring dhcpv6 ..."
-
-touch /etc/dhcp/dhclient6.conf && add_if_not_exists "timeout 10;" ${DHCLIENT6_CONF_FILE} && \
- add_if_not_exists "${NETWORK_CONFIGURATION}" ${CLOUD_INIT_CFG} && \
- sudo ifdown eth0 && sudo ifup eth0
-
-echo "Configuration complete"
-#EOF
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line208.sh b/pkg/agent/testdata/RawUbuntuContainerd/line208.sh
new file mode 100644
index 00000000000..ceb0ddeb979
--- /dev/null
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line208.sh
@@ -0,0 +1,9 @@
+[Unit]
+Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
+After=containerd.service
+After=kubelet.service
+[Service]
+Restart=on-failure
+RestartSec=2
+ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
+#EOF
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line215.sh b/pkg/agent/testdata/RawUbuntuContainerd/line215.sh
index ceb0ddeb979..c606af08d4c 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line215.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line215.sh
@@ -1,9 +1,51 @@
-[Unit]
-Description=Add dedup ebtable rules for kubenet bridge in promiscuous mode
-After=containerd.service
-After=kubelet.service
-[Service]
-Restart=on-failure
-RestartSec=2
-ExecStart=/bin/bash /opt/azure/containers/ensure-no-dup.sh
-#EOF
+#!/bin/bash
+
+
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+if [[ $? -eq 0 ]]; then
+ echo "AKS-DEDUP-PROMISC rule already set"
+ exit 0
+fi
+if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then
+ echo "cni config not up yet...exiting early"
+ exit 1
+fi
+
+bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge")
+promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode")
+if [[ "${promiscMode}" != "true" ]]; then
+ echo "bridge ${bridgeName} not in promiscuous mode...exiting early"
+ exit 0
+fi
+
+if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then
+ echo "bridge ${bridgeName} not up yet...exiting early"
+ exit 1
+fi
+
+
+bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*")
+if [[ -z "${bridgeIP}" ]]; then
+ echo "bridge ${bridgeName} does not have an ipv4 address...exiting early"
+ exit 1
+fi
+
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
+ echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
+ exit 1
+fi
+
+bridgeMAC=$(cat /sys/class/net/${bridgeName}/address)
+
+echo "adding AKS-DEDUP-PROMISC ebtable chain"
+ebtables -t filter -N AKS-DEDUP-PROMISC
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT
+ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP
+ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC
+
+echo "outputting newly added AKS-DEDUP-PROMISC rules:"
+ebtables -t filter -L OUTPUT 2>/dev/null
+ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
+exit 0
+#EOF
\ No newline at end of file
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line222.sh b/pkg/agent/testdata/RawUbuntuContainerd/line222.sh
deleted file mode 100644
index c606af08d4c..00000000000
--- a/pkg/agent/testdata/RawUbuntuContainerd/line222.sh
+++ /dev/null
@@ -1,51 +0,0 @@ -#!/bin/bash - - -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -if [[ $? -eq 0 ]]; then - echo "AKS-DEDUP-PROMISC rule already set" - exit 0 -fi -if [[ ! -f /etc/cni/net.d/10-containerd-net.conflist ]]; then - echo "cni config not up yet...exiting early" - exit 1 -fi - -bridgeName=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .bridge") -promiscMode=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .promiscMode") -if [[ "${promiscMode}" != "true" ]]; then - echo "bridge ${bridgeName} not in promiscuous mode...exiting early" - exit 0 -fi - -if [[ ! -f /sys/class/net/${bridgeName}/address ]]; then - echo "bridge ${bridgeName} not up yet...exiting early" - exit 1 -fi - - -bridgeIP=$(ip addr show ${bridgeName} | grep -Eo "inet ([0-9]*\.){3}[0-9]*" | grep -Eo "([0-9]*\.){3}[0-9]*") -if [[ -z "${bridgeIP}" ]]; then - echo "bridge ${bridgeName} does not have an ipv4 address...exiting early" - exit 1 -fi - -podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet") -if [[ -z "${podSubnetAddr}" ]]; then - echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early" - exit 1 -fi - -bridgeMAC=$(cat /sys/class/net/${bridgeName}/address) - -echo "adding AKS-DEDUP-PROMISC ebtable chain" -ebtables -t filter -N AKS-DEDUP-PROMISC -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${bridgeIP} -j ACCEPT -ebtables -t filter -A AKS-DEDUP-PROMISC -p IPv4 -s ${bridgeMAC} -o veth+ --ip-src ${podSubnetAddr} -j DROP -ebtables -t filter -A OUTPUT -j AKS-DEDUP-PROMISC - -echo "outputting newly added AKS-DEDUP-PROMISC rules:" -ebtables -t filter -L OUTPUT 2>/dev/null -ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null -exit 0 -#EOF \ No newline at end of file 
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line307.sh b/pkg/agent/testdata/RawUbuntuContainerd/line300.sh
similarity index 100%
rename from pkg/agent/testdata/RawUbuntuContainerd/line307.sh
rename to pkg/agent/testdata/RawUbuntuContainerd/line300.sh
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line321.sh b/pkg/agent/testdata/RawUbuntuContainerd/line314.sh
similarity index 100%
rename from pkg/agent/testdata/RawUbuntuContainerd/line321.sh
rename to pkg/agent/testdata/RawUbuntuContainerd/line314.sh
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line40.sh b/pkg/agent/testdata/RawUbuntuContainerd/line40.sh
index c8d27be086a..67d3e31825b 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line40.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line40.sh
@@ -21,7 +21,6 @@ TELEPORTD_PLUGIN_DOWNLOAD_DIR="/opt/teleportd/downloads"
 CREDENTIAL_PROVIDER_DOWNLOAD_DIR="/opt/credentialprovider/downloads"
 CREDENTIAL_PROVIDER_BIN_DIR="/var/lib/kubelet/credential-provider"
 TELEPORTD_PLUGIN_BIN_DIR="/usr/local/bin"
-MANIFEST_FILEPATH="/opt/azure/manifest.json"
 COMPONENTS_FILEPATH="/opt/azure/components.json"
 MAN_DB_AUTO_UPDATE_FLAG_FILEPATH="/var/lib/man-db/auto-update"
 CURL_OUTPUT=/tmp/curl_verbose.out
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line77.sh b/pkg/agent/testdata/RawUbuntuContainerd/line77.sh
index 01efed1dfe3..e69de29bb2d 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line77.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line77.sh
@@ -1,2 +0,0 @@
-{}
-#EOF
diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line84.sh b/pkg/agent/testdata/RawUbuntuContainerd/line84.sh
index e69de29bb2d..84d8f8077d9 100644
--- a/pkg/agent/testdata/RawUbuntuContainerd/line84.sh
+++ b/pkg/agent/testdata/RawUbuntuContainerd/line84.sh
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -o nounset +set -o pipefail + +get-apiserver-ip-from-tags() { + tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") + if [ "$?" == "0" ]; then + IFS=";" read -ra tagList <<< "$tags" + for i in "${tagList[@]}"; do + tagKey=$(cut -d":" -f1 <<<$i) + tagValue=$(cut -d":" -f2 <<<$i) + if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then + echo -n "$tagValue" + return + fi + done + fi + echo -n "" +} + +SLEEP_SECONDS=15 +clusterFQDN="${KUBE_API_SERVER_NAME}" +if [[ $clusterFQDN != *.privatelink.* ]]; then + echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" + exit 0 +fi +echo "clusterFQDN: $clusterFQDN" + +while true; do + clusterIP=$(get-apiserver-ip-from-tags) + if [ -z $clusterIP ]; then + sleep "${SLEEP_SECONDS}" + continue + fi + if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then + echo -n "" + else + sudo sed -i "/$clusterFQDN/d" /etc/hosts + echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null + echo "Updated $clusterFQDN to $clusterIP" + fi + sleep "${SLEEP_SECONDS}" +done + +#EOF diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line91.sh b/pkg/agent/testdata/RawUbuntuContainerd/line91.sh index 84d8f8077d9..a529b626472 100644 --- a/pkg/agent/testdata/RawUbuntuContainerd/line91.sh +++ b/pkg/agent/testdata/RawUbuntuContainerd/line91.sh 
@@ -1,46 +1,8 @@ -#!/bin/bash - -set -o nounset -set -o pipefail - -get-apiserver-ip-from-tags() { - tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text") - if [ "$?" == "0" ]; then - IFS=";" read -ra tagList <<< "$tags" - for i in "${tagList[@]}"; do - tagKey=$(cut -d":" -f1 <<<$i) - tagValue=$(cut -d":" -f2 <<<$i) - if echo $tagKey | grep -iq "^aksAPIServerIPAddress$"; then - echo -n "$tagValue" - return - fi - done - fi - echo -n "" -} - -SLEEP_SECONDS=15 -clusterFQDN="${KUBE_API_SERVER_NAME}" -if [[ $clusterFQDN != *.privatelink.* ]]; then - echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster" - exit 0 -fi -echo "clusterFQDN: $clusterFQDN" - -while true; do - clusterIP=$(get-apiserver-ip-from-tags) - if [ -z $clusterIP ]; then - sleep "${SLEEP_SECONDS}" - continue - fi - if grep -q "$clusterIP $clusterFQDN" /etc/hosts; then - echo -n "" - else - sudo sed -i "/$clusterFQDN/d" /etc/hosts - echo "$clusterIP $clusterFQDN" | sudo tee -a /etc/hosts > /dev/null - echo "Updated $clusterFQDN to $clusterIP" - fi - sleep "${SLEEP_SECONDS}" -done - -#EOF +[Unit] +Description=Reconcile /etc/hosts file for private cluster +[Service] +Type=simple +Restart=on-failure +ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/pkg/agent/testdata/RawUbuntuContainerd/line98.sh b/pkg/agent/testdata/RawUbuntuContainerd/line98.sh index a529b626472..dd335c71cfd 100644 --- a/pkg/agent/testdata/RawUbuntuContainerd/line98.sh +++ b/pkg/agent/testdata/RawUbuntuContainerd/line98.sh 
@@ -1,8 +1,35 @@ [Unit] -Description=Reconcile /etc/hosts file for private cluster +Description=Kubelet +ConditionPathExists=/usr/local/bin/kubelet +Wants=network-online.target containerd.service +After=network-online.target containerd.service + [Service] -Type=simple -Restart=on-failure -ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh +Restart=always +RestartSec=2 +EnvironmentFile=/etc/default/kubelet +SuccessExitStatus=143 +ExecStartPre=/bin/bash /opt/azure/containers/kubelet.sh +ExecStartPre=/bin/bash /opt/azure/containers/ensure_imds_restriction.sh +ExecStartPre=/bin/mkdir -p /var/lib/kubelet +ExecStartPre=/bin/mkdir -p /var/lib/cni +ExecStartPre=/bin/bash -c "if [ $(mount | grep \"/var/lib/kubelet\" | wc -l) -le 0 ] ; then /bin/mount --bind /var/lib/kubelet /var/lib/kubelet ; fi" +ExecStartPre=/bin/mount --make-shared /var/lib/kubelet + +ExecStartPre=-/sbin/ebtables -t nat --list +ExecStartPre=-/sbin/iptables -t nat --numeric --list + +ExecStart=/usr/local/bin/kubelet \ + --enable-server \ + --node-labels="${KUBELET_NODE_LABELS}" \ + --v=2 \ + --volume-plugin-dir=/etc/kubernetes/volumeplugins \ + $KUBELET_TLS_BOOTSTRAP_FLAGS \ + $KUBELET_CONFIG_FILE_FLAGS \ + $KUBELET_CONTAINERD_FLAGS \ + $KUBELET_CONTAINER_RUNTIME_FLAG \ + $KUBELET_CGROUP_FLAGS \ + $KUBELET_FLAGS + [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/vhdbuilder/packer/pre-install-dependencies.sh b/vhdbuilder/packer/pre-install-dependencies.sh index 44a2206abd7..a29f600380b 100644 --- a/vhdbuilder/packer/pre-install-dependencies.sh +++ b/vhdbuilder/packer/pre-install-dependencies.sh 
@@ -20,7 +20,6 @@ CPU_ARCH=$(getCPUArch) #amd64 or arm64
 VHD_LOGS_FILEPATH=/opt/azure/vhd-install.complete
 COMPONENTS_FILEPATH=/opt/azure/components.json
 PERFORMANCE_DATA_FILE=/opt/azure/vhd-build-performance-data.json
-MANIFEST_FILEPATH=/opt/azure/manifest.json
 #this is used by post build test to check whether the compoenents do indeed exist
 cat components.json > ${COMPONENTS_FILEPATH}
 cat manifest.json > ${MANIFEST_FILEPATH}
diff --git a/vhdbuilder/packer/test/linux-vhd-content-test.sh b/vhdbuilder/packer/test/linux-vhd-content-test.sh
index c12e03e774d..6fb571050bc 100644
--- a/vhdbuilder/packer/test/linux-vhd-content-test.sh
+++ b/vhdbuilder/packer/test/linux-vhd-content-test.sh
@@ -1,6 +1,5 @@
 #!/bin/bash
 COMPONENTS_FILEPATH=/opt/azure/components.json
-MANIFEST_FILEPATH=/opt/azure/manifest.json
 VHD_LOGS_FILEPATH=/opt/azure/vhd-install.complete
 UBUNTU_OS_NAME="UBUNTU"
 MARINER_OS_NAME="MARINER"
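Review bot: Dropping `MANIFEST_FILEPATH` orphans the context line `cat manifest.json > ${MANIFEST_FILEPATH}` three lines below in the same hunk: the unquoted empty expansion makes bash fail that line with an ambiguous redirect (or an unbound-variable error if the script runs under `set -u`), unless the variable is still defined in a sourced helper not visible here. If the manifest copy is no longer wanted, delete that `cat` line in the same commit; if it is still wanted, keep the assignment. The same check applies to linux-vhd-content-test.sh in the next hunk, where any remaining use of `${MANIFEST_FILEPATH}` would be outside the visible lines.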