PureStorage.CBS.AVS.Monitor.ps1
|
$SCHEMA_VERSION = "1.1.0" function Update-ResourceGroupTags { Param( [Parameter(Mandatory=$true)] [String]$MonitorResourceGroup, [Parameter(Mandatory=$true)] [ValidateSet("host", "capacity")] [String]$MonitorType, [Parameter(Mandatory=$true)] [bool] $IsFreshDeployment ) # Add tag to resource group $ResourceGroup = Get-AzResourceGroup $MonitorResourceGroup -ErrorAction ignore if (-not $ResourceGroup) { throw "Resource group $MonitorResourceGroup does not exist" } $Tags = $ResourceGroup.Tags if ($MonitorType -eq "host") { $Tags["PureStorage.CBS.AVS.HostMonitor"] = "True" } if ($MonitorType -eq "capacity") { if (-not $IsFreshDeployment) { # For backward compatibility, set the HostMonitor tag to true if we are adding a deployment to existing HostMonitor deployment if (-not $Tags["PureStorage.CBS.AVS.CapacityMonitor"] ){ # If CapacityMonitor tag was already set, then compatability check was done in the past $Tags["PureStorage.CBS.AVS.HostMonitor"] = "True" } } $Tags["PureStorage.CBS.AVS.CapacityMonitor"] = "True" } $Tags['PureStorage.CBS.AVS'] = $ProductVersion $Tags["PureStorage.CBS.AVS.SCHEMA_VERSION"] = $SCHEMA_VERSION Set-AzResourceGroup -Name $MonitorResourceGroup -Tag $Tags } function Deploy-MonitoringResource { param ( [Parameter(Mandatory=$true)] [String]$MonitorResourceGroup, [Parameter(Mandatory=$true)] [String]$MonitorResourceGroupRegion, [Parameter(Mandatory=$true)] [String]$AVSCloudName, [Parameter(Mandatory=$true)] [String]$AVSResourceGroup, [Parameter(Mandatory=$true)] [String]$VNetName, [Parameter(Mandatory=$true)] [String]$VNetResourceGroup, [Parameter(ParameterSetName='NewSubnet', Mandatory=$true)] [String]$VNetSubnetAddress, [Parameter(ParameterSetName='ExistingSubnet', Mandatory=$true)] [Parameter(ParameterSetName='NewSubnet', Mandatory=$false)] [String]$VNetSubnetName, [Parameter(Mandatory=$false)] [int]$MonitorIntervalInMinute, [Parameter(Mandatory=$false)] [ValidateRange(1, 100)] [int] $DefaultUtilizationThreshold=$DEFAULT_UTILIZATION_THRESHOLD, [Parameter(Mandatory=$true)] [ValidateSet("host", "capacity")] [string]$MonitorType ) $ProductVersion = (Get-Module "PureStorage.CBS.AVS").Version.ToString() $ResourceGroup = Get-AzResourceGroup $MonitorResourceGroup -ErrorAction ignore if (-not $ResourceGroup) { $IsFreshDeployment = $true Write-Host "Resource group $MonitorResourceGroup does not exist. Creating the resource group..." New-AzResourceGroup $MonitorResourceGroup -Location $MonitorResourceGroupRegion -Tag @{'PureStorage.CBS.AVS' = $ProductVersion } | Out-Null } else { if ($ResourceGroup.Tags["PureStorage.CBS.AVS"]) { $IsFreshDeployment = $false } if ($ResourceGroup.location -ne $MonitorResourceGroupRegion) { throw "The resource group $MonitorResourceGroup exists but its region $($ResourceGroup.location) does not match provided region $MonitorResourceGroupRegion" } # If the resource group exists and it's empty, we'll use the resource group even though there is no tag $Resources = Get-AzResource -ResourceGroupName $MonitorResourceGroup if (($Resources.Count -ne 0) -and (-not $ResourceGroup.Tags["PureStorage.CBS.AVS"])) { throw "The resource group $MonitorResourceGroup exists but not used by Pure Storage AVS monitor. Please select another name for Pure Storage monitor" } Update-ResourceGroupTags -MonitorResourceGroup $MonitorResourceGroup -MonitorType $MonitorType -IsFreshDeployment $IsFreshDeployment } $DeploymentId = (New-Guid).ToString() $DeploymentParams = @{ "AVSCloudName" = $AVSCloudName; "AVSResourceGroup" = $AVSResourceGroup; "VNetName" = $VNetName; "VNetResourceGroupName" = $VNetResourceGroup; "MonitorIntervalInMinute" = $MonitorIntervalInMinute "DeploymentId" = $DeploymentId } if ($MonitorType -eq "capacity") { $DeploymentTemplatePath = Join-Path -Path $PSScriptRoot -ChildPath 'templates/BaseMonitor' -AdditionalChildPath 'Main.bicep' $DeploymentParams["DeploymentType"] = "CapacityMonitor" $DeploymentParams["DefaultUtilizationThreshold"] = $DefaultUtilizationThreshold } if ($MonitorType -eq "host") { $DeploymentTemplatePath = Join-Path -Path $PSScriptRoot -ChildPath 'templates/BaseMonitor' -AdditionalChildPath 'Main.bicep' $DeploymentParams["DeploymentType"] = "HostMonitor" } if ($VNetSubnetAddress) { $DeploymentParams["SubnetAddressRange"] = $VNetSubnetAddress } if ($VNetSubnetName) { $DeploymentParams["SubnetName"] = $VNetSubnetName } Write-Host "Deploying monitoring infrastructure to Azure..." New-AzResourceGroupDeployment -Name "PCBSMonitorDeployment_$DeploymentId" -ResourceGroupName $MonitorResourceGroup ` -TemplateFile $DeploymentTemplatePath -TemplateParameterObject $DeploymentParams } function Add-MonitorArray { param ( [Parameter(Mandatory=$true)] [String]$MonitorResourceGroup, [Parameter(Mandatory=$true)] [String]$PureCloudBlockStoreEndpoint, [Parameter(Mandatory=$true)] [pscredential]$PureCloudBlockStoreCredential, [Parameter(Mandatory=$false)] [int] $UtilizationThreshold, [Parameter(Mandatory=$true)] [ValidateSet("host", "capacity")] [String]$MonitorType, [Parameter(Mandatory=$false)] [Switch]$Force ) $ResourceGroup = Get-AzResourceGroup -Name $MonitorResourceGroup if (-not $ResourceGroup) { throw "Resource group $MonitorResourceGroup does not exist" } if (-not $ResourceGroup.Tags["PureStorage.CBS.AVS"]) { throw "Resouce group $MonitorResourceGroup specified does not host Pure Storage monitor" } $PureCloudBlockStoreEndpointOrigin = $PureCloudBlockStoreEndpoint Write-Host "Adding Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin to monitor resource group $MonitorResourceGroup..." $UserPrincipalName = (Get-AzContext).Account.Id $KeyVault = Get-AzKeyVault -ResourceGroupName $MonitorResourceGroup Set-AzKeyVaultAccessPolicy -VaultName $KeyVault.VaultName -UserPrincipalName $UserPrincipalName -PermissionsToSecrets set,delete,get,purge,list if ($Force) { Write-Warning "Warning skipping check for $PureCloudBlockStoreEndpoint connectivity." } else { # Make sure the credential works before adding to the monitor $Array = Connect-Pfa2array -Endpoint $PureCloudBlockStoreEndpoint -Credential $PureCloudBlockStoreCredential -IgnoreCertificateError -ErrorAction Ignore if (-not $Array) { $msg = "Failed to connect to the Pure Cloud Block Store. Please check the endpoint and credential of the Pure Cloud Block Store." throw $msg } } if ($PureCloudBlockStoreEndpoint -match "^\d+.\d+.\d+.\d+$") { $PureCloudBlockStoreEndpoint = $PureCloudBlockStoreEndpoint.Replace(".", "-") } $data_prefix = "" if ($MonitorType -eq "capacity") { $data_prefix = "capacity-" } $Secret = Get-AzKeyVaultSecret -VaultName $KeyVault.VaultName | where-object {$_.Name -eq "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}username"} if ($Secret) { Write-Host "Overriding the existing credential for Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin..." } Set-AzKeyVaultSecret -VaultName $KeyVault.VaultName -Name "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}username" -SecretValue (ConvertTo-SecureString -String $PureCloudBlockStoreCredential.UserName -AsPlainText -Force) Set-AzKeyVaultSecret -VaultName $KeyVault.VaultName -Name "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}password" -SecretValue $PureCloudBlockStoreCredential.Password if ($MonitorType -eq "capacity") { if ($UtilizationThreshold) { Set-AzKeyVaultSecret -VaultName $KeyVault.VaultName -Name "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}threshold" -SecretValue (ConvertTo-SecureString -String $UtilizationThreshold -AsPlainText -Force) } } Write-Host "The Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin is successfully added to monitor resource group $MonitorResourceGroup."\ } function Remove-FunctionFromFunctionApp { Param( [Parameter(Mandatory = $true)] [String] $ResourceGroupName, [Parameter(Mandatory = $true)] [String]$FunctionName, [Parameter(Mandatory = $true)] [String]$FunctionAppName ) $Context = Get-AzContext $SubscriptionId = $Context.Subscription.Id Write-Host "Removing function $FunctionName from FunctinApp $FunctionAppName..." $uri = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Web/sites/$FunctionAppName/functions/$($FunctionName)?api-version=2016-08-01" Invoke-AzRest -Method DELETE -Path $uri } function Remove-Monitor { Param( [Parameter(Mandatory = $true)] [String]$MonitorResourceGroup, [Parameter(Mandatory = $true)] [ValidateSet("host", "capacity")] [String]$MonitorType, [Parameter(Mandatory = $false)] [Switch]$RemoveSubnet ) $ResourceGroup = Get-AzResourceGroup $MonitorResourceGroup -ErrorAction ignore if (-not $ResourceGroup) { throw "Pure Storage monitor $MonitorResourceGroup does not exist" } if ([string]::IsNullOrEmpty($ResourceGroup.Tags["PureStorage.CBS.AVS"])) { throw "The resource group provided is not Pure Storage monitor resource group. Only Pure Storage monitor resource group can be removed by this command" } # smartDetector is auto configured without tag. Ignore this component $NonMonitorResources = Get-AzResource -ResourceGroupName $MonitorResourceGroup | Where-Object { [string]::IsNullOrEmpty($_.tags["AVSMonitorResourceGroupName"]) -and $_.ResourceType -ne "microsoft.alertsmanagement/smartDetectorAlertRules"} if ($NonMonitorResources.Count -ge 1) { throw "Non Pure Storage monitor resource $($MonitorResources.Name) detected. Please manually remove the resource before removing the whole monitor" } $MonitorFuncApp = Get-AzFunctionApp -ResourceGroupName $MonitorResourceGroup $MonitorKeyVault = Get-AzKeyVault -ResourceGroupName $MonitorResourceGroup # Vnet name here is constructed as {vNetResouceGUI}-{SubnetName} # eg. fece391b-8f4e-4e05-a203-e5961cdd9fd1_subnet-avsfuncappsbqzuuqxofe2q $vNetResourceGUID = $MonitorFuncApp.SiteConfig.VnetName.Split("_")[0] $MonitorSubnetName = $MonitorFuncApp.SiteConfig.VnetName.Split("_")[1] $MonitorVNet = Get-AzVirtualNetwork | Where-Object {$_.ResourceGuid -eq $vNetResourceGUID} # Check if we need to do partial removal $IsPartial = $false if ($MonitorType -eq "host") { if ($ResourceGroup.Tags["PureStorage.CBS.AVS.CapacityMonitor"]) { $IsPartial = $true if ($RemoveSubnet) { throw "Cannot remove subnet when the monitor resource group $MonitorResourceGroup is hosting capacity monitor. Please remove the capacity monitor first" } Write-Warning "The monitor resource group $MonitorResourceGroup is hosting capacity monitor. Removing only the host monitor resources" Remove-FunctionFromFunctionApp -ResourceGroupName $MonitorResourceGroup -FunctionName "BuildClusterTrigger" -FunctionAppName $MonitorFuncApp.Name $Tags = $ResourceGroup.Tags $Tags.Remove("PureStorage.CBS.AVS.HostMonitor") Set-AzResourceGroup -Name $MonitorResourceGroup -Tag $Tags } } if ($MonitorType -eq "capacity") { if ($ResourceGroup.Tags["PureStorage.CBS.AVS.HostMonitor"]) { $IsPartial = $true if ($RemoveSubnet) { throw "Cannot remove subnet when the monitor resource group $MonitorResourceGroup is hosting host monitor. Please remove the host monitor first" } Write-Warning "The monitor resource group $MonitorResourceGroup is hosting host monitor. Removing only the capacity monitor resources" Remove-FunctionFromFunctionApp -ResourceGroupName $MonitorResourceGroup -FunctionName "CapacityMonitorTrigger" -FunctionAppName $MonitorFuncApp.Name $Tags = $ResourceGroup.Tags $Tags.Remove("PureStorage.CBS.AVS.CapacityMonitor") Set-AzResourceGroup -Name $MonitorResourceGroup -Tag $Tags } } if (-not $IsPartial) { Write-Host "Removing resource group $MonitorResourceGroup..." Remove-AzResourceGroup $MonitorResourceGroup -Force | Out-Null # Remove subnet if ($RemoveSubnet) { Write-Host "Removing subnet $MonitorSubnetName from vNet $($MonitorVNet.Name)..." Remove-AzVirtualNetworkSubnetConfig -Name $MonitorSubnetName -VirtualNetwork $MonitorVNet | Set-AzVirtualNetwork | Out-Null } # Purge key vault Write-Host "Purging key vault $($MonitorKeyVault.VaultName)..." Remove-AzKeyVault -Name $MonitorKeyVault.VaultName -InRemovedState -Force -Location $ResourceGroup.Location | Out-Null } } function Remove-MonitorArray { Param ( [Parameter(Mandatory=$true)] [String]$MonitorResourceGroup, [Parameter(Mandatory=$true)] [String]$PureCloudBlockStoreEndpoint, [Parameter(Mandatory=$true)] [ValidateSet("host", "capacity")] [String]$MonitorType ) $ResourceGroup = Get-AzResourceGroup -Name $MonitorResourceGroup if (-not $ResourceGroup) { throw "Resource group $MonitorResourceGroup does not exist" } if (-not $ResourceGroup.Tags["PureStorage.CBS.AVS"]) { throw "Resouce group $MonitorResourceGroup specified does not host Pure Storage CBS AVS monitor" } $PureCloudBlockStoreEndpointOrigin = $PureCloudBlockStoreEndpoint $KeyVault = Get-AzKeyVault -ResourceGroupName $MonitorResourceGroup Write-Host "Removing Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin from monitor resource group $MonitorResourceGroup..." $UserPrincipalName = (Get-AzContext).Account.Id Set-AzKeyVaultAccessPolicy -VaultName $KeyVault.VaultName -UserPrincipalName $UserPrincipalName -PermissionsToSecrets set,delete,get,purge,list if ($PureCloudBlockStoreEndpoint -match "^\d+.\d+.\d+.\d+$") { $PureCloudBlockStoreEndpoint = $PureCloudBlockStoreEndpoint.Replace(".", "-") } $data_prefix = "" if ($MonitorType -eq "capacity") { $data_prefix = "capacity-" } $Secret = Get-AzKeyVaultSecret -VaultName $KeyVault.VaultName | where-object {$_.Name -eq "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}username"} if (-not $Secret) { throw "Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin does not exist in the monitor resource group $MonitorResourceGroup" } Remove-AzKeyVaultSecret -VaultName $KeyVault.VaultName -Name "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}username" -Force Remove-AzKeyVaultSecret -VaultName $KeyVault.VaultName -Name "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}password" -Force # Purge secret Purge-AzureSecretWithRetry -KeyVaultName $KeyVault.VaultName -SecretName "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}username" Purge-AzureSecretWithRetry -KeyVaultName $KeyVault.VaultName -SecretName "$($PureCloudBlockStoreEndpoint)-$($KeyVault.VaultName)-${data_prefix}password" Write-Host "The Pure Cloud Block Store $PureCloudBlockStoreEndpointOrigin is successfully removed." } # SIG # Begin signature block # MIIXRQYJKoZIhvcNAQcCoIIXNjCCFzICAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBnQQvZCaHvtg+f # ng8YmCqzgnOSVg9RYVplS5mSV9g6uKCCE2gwggVyMIIDWqADAgECAhB2U/6sdUZI # k/Xl10pIOk74MA0GCSqGSIb3DQEBDAUAMFMxCzAJBgNVBAYTAkJFMRkwFwYDVQQK # ExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENvZGUgU2ln # bmluZyBSb290IFI0NTAeFw0yMDAzMTgwMDAwMDBaFw00NTAzMTgwMDAwMDBaMFMx # CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQD # EyBHbG9iYWxTaWduIENvZGUgU2lnbmluZyBSb290IFI0NTCCAiIwDQYJKoZIhvcN # AQEBBQADggIPADCCAgoCggIBALYtxTDdeuirkD0DcrA6S5kWYbLl/6VnHTcc5X7s # k4OqhPWjQ5uYRYq4Y1ddmwCIBCXp+GiSS4LYS8lKA/Oof2qPimEnvaFE0P31PyLC # o0+RjbMFsiiCkV37WYgFC5cGwpj4LKczJO5QOkHM8KCwex1N0qhYOJbp3/kbkbuL # ECzSx0Mdogl0oYCve+YzCgxZa4689Ktal3t/rlX7hPCA/oRM1+K6vcR1oW+9YRB0 # RLKYB+J0q/9o3GwmPukf5eAEh60w0wyNA3xVuBZwXCR4ICXrZ2eIq7pONJhrcBHe # OMrUvqHAnOHfHgIB2DvhZ0OEts/8dLcvhKO/ugk3PWdssUVcGWGrQYP1rB3rdw1G # R3POv72Vle2dK4gQ/vpY6KdX4bPPqFrpByWbEsSegHI9k9yMlN87ROYmgPzSwwPw # jAzSRdYu54+YnuYE7kJuZ35CFnFi5wT5YMZkobacgSFOK8ZtaJSGxpl0c2cxepHy # 1Ix5bnymu35Gb03FhRIrz5oiRAiohTfOB2FXBhcSJMDEMXOhmDVXR34QOkXZLaRR # kJipoAc3xGUaqhxrFnf3p5fsPxkwmW8x++pAsufSxPrJ0PBQdnRZ+o1tFzK++Ol+ # A/Tnh3Wa1EqRLIUDEwIrQoDyiWo2z8hMoM6e+MuNrRan097VmxinxpI68YJj8S4O # JGTfAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G # A1UdDgQWBBQfAL9GgAr8eDm3pbRD2VZQu86WOzANBgkqhkiG9w0BAQwFAAOCAgEA # Xiu6dJc0RF92SChAhJPuAW7pobPWgCXme+S8CZE9D/x2rdfUMCC7j2DQkdYc8pzv # eBorlDICwSSWUlIC0PPR/PKbOW6Z4R+OQ0F9mh5byV2ahPwm5ofzdHImraQb2T07 # alKgPAkeLx57szO0Rcf3rLGvk2Ctdq64shV464Nq6//bRqsk5e4C+pAfWcAvXda3 # XaRcELdyU/hBTsz6eBolSsr+hWJDYcO0N6qB0vTWOg+9jVl+MEfeK2vnIVAzX9Rn # m9S4Z588J5kD/4VDjnMSyiDN6GHVsWbcF9Y5bQ/bzyM3oYKJThxrP9agzaoHnT5C # JqrXDO76R78aUn7RdYHTyYpiF21PiKAhoCY+r23ZYjAf6Zgorm6N1Y5McmaTgI0q # 41XHYGeQQlZcIlEPs9xOOe5N3dkdeBBUO27Ql28DtR6yI3PGErKaZND8lYUkqP/f # obDckUCu3wkzq7ndkrfxzJF0O2nrZ5cbkL/nx6BvcbtXv7ePWu16QGoWzYCELS/h # AtQklEOzFfwMKxv9cW/8y7x1Fzpeg9LJsy8b1ZyNf1T+fn7kVqOHp53hWVKUQY9t # W76GlZr/GnbdQNJRSnC0HzNjI3c/7CceWeQIh+00gkoPP/6gHcH1Z3NFhnj0qinp # J4fGGdvGExTDOUmHTaCX4GUT9Z13Vunas1jHOvLAzYIwggbmMIIEzqADAgECAhB3 # vQ4DobcI+FSrBnIQ2QRHMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAkJFMRkw # FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENv # ZGUgU2lnbmluZyBSb290IFI0NTAeFw0yMDA3MjgwMDAwMDBaFw0zMDA3MjgwMDAw # MDBaMFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8w # LQYDVQQDEyZHbG9iYWxTaWduIEdDQyBSNDUgQ29kZVNpZ25pbmcgQ0EgMjAyMDCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANZCTfnjT8Yj9GwdgaYw90g9 # z9DljeUgIpYHRDVdBs8PHXBg5iZU+lMjYAKoXwIC947Jbj2peAW9jvVPGSSZfM8R # Fpsfe2vSo3toZXer2LEsP9NyBjJcW6xQZywlTVYGNvzBYkx9fYYWlZpdVLpQ0LB/ # okQZ6dZubD4Twp8R1F80W1FoMWMK+FvQ3rpZXzGviWg4QD4I6FNnTmO2IY7v3Y2F # QVWeHLw33JWgxHGnHxulSW4KIFl+iaNYFZcAJWnf3sJqUGVOU/troZ8YHooOX1Re # veBbz/IMBNLeCKEQJvey83ouwo6WwT/Opdr0WSiMN2WhMZYLjqR2dxVJhGaCJedD # CndSsZlRQv+hst2c0twY2cGGqUAdQZdihryo/6LHYxcG/WZ6NpQBIIl4H5D0e6lS # TmpPVAYqgK+ex1BC+mUK4wH0sW6sDqjjgRmoOMieAyiGpHSnR5V+cloqexVqHMRp # 5rC+QBmZy9J9VU4inBDgoVvDsy56i8Te8UsfjCh5MEV/bBO2PSz/LUqKKuwoDy3K # 1JyYikptWjYsL9+6y+JBSgh3GIitNWGUEvOkcuvuNp6nUSeRPPeiGsz8h+WX4VGH # aekizIPAtw9FbAfhQ0/UjErOz2OxtaQQevkNDCiwazT+IWgnb+z4+iaEW3VCzYkm # eVmda6tjcWKQJQ0IIPH/AgMBAAGjggGuMIIBqjAOBgNVHQ8BAf8EBAMCAYYwEwYD # VR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU # 2rONwCSQo2t30wygWd0hZ2R2C3gwHwYDVR0jBBgwFoAUHwC/RoAK/Hg5t6W0Q9lW # ULvOljswgZMGCCsGAQUFBwEBBIGGMIGDMDkGCCsGAQUFBzABhi1odHRwOi8vb2Nz # cC5nbG9iYWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUwRgYIKwYBBQUHMAKG # Omh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2NvZGVzaWduaW5n # cm9vdHI0NS5jcnQwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9iYWxz # aWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUuY3JsMFYGA1UdIARPME0wQQYJKwYB # BAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t # L3JlcG9zaXRvcnkvMAgGBmeBDAEEATANBgkqhkiG9w0BAQsFAAOCAgEACIhyJsav # +qxfBsCqjJDa0LLAopf/bhMyFlT9PvQwEZ+PmPmbUt3yohbu2XiVppp8YbgEtfjr # y/RhETP2ZSW3EUKL2Glux/+VtIFDqX6uv4LWTcwRo4NxahBeGQWn52x/VvSoXMNO # Ca1Za7j5fqUuuPzeDsKg+7AE1BMbxyepuaotMTvPRkyd60zsvC6c8YejfzhpX0FA # Z/ZTfepB7449+6nUEThG3zzr9s0ivRPN8OHm5TOgvjzkeNUbzCDyMHOwIhz2hNab # XAAC4ShSS/8SS0Dq7rAaBgaehObn8NuERvtz2StCtslXNMcWwKbrIbmqDvf+28rr # vBfLuGfr4z5P26mUhmRVyQkKwNkEcUoRS1pkw7x4eK1MRyZlB5nVzTZgoTNTs/Z7 # KtWJQDxxpav4mVn945uSS90FvQsMeAYrz1PYvRKaWyeGhT+RvuB4gHNU36cdZytq # tq5NiYAkCFJwUPMB/0SuL5rg4UkI4eFb1zjRngqKnZQnm8qjudviNmrjb7lYYuA2 # eDYB+sGniXomU6Ncu9Ky64rLYwgv/h7zViniNZvY/+mlvW1LWSyJLC9Su7UpkNpD # R7xy3bzZv4DB3LCrtEsdWDY3ZOub4YUXmimi/eYI0pL/oPh84emn0TCOXyZQK8ei # 4pd3iu/YTT4m65lAYPM8Zwy2CHIpNVOBNNwwggcEMIIE7KADAgECAgxcuW61kTkv # +4t8zgQwDQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEds # b2JhbFNpZ24gbnYtc2ExLzAtBgNVBAMTJkdsb2JhbFNpZ24gR0NDIFI0NSBDb2Rl # U2lnbmluZyBDQSAyMDIwMB4XDTI0MDMxMTE0MDQxMloXDTI3MDMxMjE0MDQxMlow # cjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1Nh # bnRhIENsYXJhMRswGQYDVQQKExJQdXJlIFN0b3JhZ2UsIEluYy4xGzAZBgNVBAMT # ElB1cmUgU3RvcmFnZSwgSW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAMCQrioSn48IvHpTg5dofsUYj/pNTDidwjYUrcxVu78NoyhSweG8FhcxDi/S # I40+8Fccl3D5ZoqpjkFnGhzSwmpxU3J4AP7+fdTZht9eWD1I5qKY07esYwdPDV4y # g+csPfdGPqI2XjRfT5UC3YkXQeUrX8KQZldD4KqvgxzpYcuBwsgHbTb/eArpi68Y # gFR2jgZGyZigfy8RuJMrL1thcBOe/VWjUyK21wVT8cuunBYFaStLHhsRBRMDcZBD # uTSGC4evE6oaCqlQbdMl9YFJ64mDQsKlCxrr7rmLVtcVzKGwmjp4b2xRwE+RmTh6 # JtrUL9Wx/3a3UzgAnDNimfwp85zoL48kyLtHqQ3FI8tVKGm+aBOgBZfmURoy7fbp # 4zKhGgqFbpOmILO16i4f999YsEEJQgIF3CtyH1R60/ZZWlDmoeeEgjAGrnd14muU # 5Hk3Cksr43uPUAg+fV78Y0fDV85ibm42ZwwPuz6MI4HhYNUlGzRwIQ31vjaGuAMW # HNqFKkcO0JuIeHQ/gFKPnYIxnGC9H9R4Kw/uMezqtnYJwGU2epB/ABl/w7U4NgU2 # ZOxWB5BFy4frZ3f+hNgbjFUjMaXnVFotOJxXntzjdSl4znw8DaKiC5ooChteZMIT # G9p078p/TUsOJQbUtFADSY1hsfCfB7t+gJSNt5peS9GOZIMVAgMBAAGjggGxMIIB # rTAOBgNVHQ8BAf8EBAMCB4AwgZsGCCsGAQUFBwEBBIGOMIGLMEoGCCsGAQUFBzAC # hj5odHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3I0NWNv # ZGVzaWduY2EyMDIwLmNydDA9BggrBgEFBQcwAYYxaHR0cDovL29jc3AuZ2xvYmFs # c2lnbi5jb20vZ3NnY2NyNDVjb2Rlc2lnbmNhMjAyMDBWBgNVHSAETzBNMEEGCSsG # AQQBoDIBMjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv # bS9yZXBvc2l0b3J5LzAIBgZngQwBBAEwCQYDVR0TBAIwADBFBgNVHR8EPjA8MDqg # OKA2hjRodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjQ1Y29kZXNpZ25j # YTIwMjAuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQYMBaAFNqzjcAk # kKNrd9MMoFndIWdkdgt4MB0GA1UdDgQWBBSzJ9KiDCa3UBiAajy+Iioj5kQjzDAN # BgkqhkiG9w0BAQsFAAOCAgEAHsFQixeQEcoHurq9NWSUt4S39Q+UGP6crmVq3Wwy # 9g23YbdWg+SgMxoLUqdoDfA4k4B6Dyoo0jEQzn2kxnsnT9lNHKrcZHH88dv0hjfi # H2qAiQWazPjS3LhK2J6nhpyipJPpyRaSQG4x4aG0NB2D4WUfUz9CGAYsERJGww/w # kTaaxMipttKDTaI1C49u1igDfRzIO+Q8vuyyBFLiYTno/df97xtjNC+KxxFhDhl/ # 4tawK6kwxaVzCMAfj48I67Wbo4DMH6pM1s19as7c3qp92i3MylGKsB6+u+o7UkbS # dLNkS4ALI33CJOUc+GoK3Nt5IXXCFJTQFHBXkBdAur3gmlXEm8vlNG/1Sbxr0H7T # 1e7ABGH/48o/+PeMLuCc72EeK5dJ4cX9NEQ3QnTsZHwGnYzjEOvOvP0s1c7yNsDb # cUHoIqQvb5xS5aqMU5G+8sdPQ1nwpPf7gGaEEbAVW4w51Pam42qeN9HIPa+ZinXn # sN02Kk1Qw0QwUqzaQy9W/gIquI0KOjw0LmoW9M/8S0lrjpEq2eEeUw9WQLhhUEIi # rFxGPtjqiCLiiS9CZ+kf2vWLJKUspkYv+OHT3q805Zg1dJsBFAzEYUFLb1mhmigD # EO9bsMorjECIL2ijE5zHtbGkalrrsPWu8tiDT/B7P9GSYzKfOOy4PoOIfWSK0Ixl # S7IxggMzMIIDLwIBATBpMFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT # aWduIG52LXNhMS8wLQYDVQQDEyZHbG9iYWxTaWduIEdDQyBSNDUgQ29kZVNpZ25p # bmcgQ0EgMjAyMAIMXLlutZE5L/uLfM4EMA0GCWCGSAFlAwQCAQUAoIGcMBkGCSqG # SIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3 # AgEVMC8GCSqGSIb3DQEJBDEiBCA01xwk4BvhxX5hgyDRYBkL/Gaf0CnJsyV3zud9 # zutj4DAwBgorBgEEAYI3AgEMMSIwIKACgAChGoAYaHR0cHM6Ly9wdXJlc3RvcmFn # ZS5jb20gMA0GCSqGSIb3DQEBAQUABIICAFKWcETe6jOqlYGBaa26IFiNlrUT3hu9 # TXRouNuIhLkzAZ+qen3nUMy+52XPKOQT2ggtpP5b41zqA2Use+MfOGnH5qNs69hq # SedTOs4AmP3wOyduZzHs9O69ajxWSIDm6e7co9KVMBFp+b0fKmW4/H9JLAywosL8 # 3n6oNCYYVUFlPSySOzxkU+kZ8jeyWr2BR5wbdZC9atM9f9Cw95hpbOg9U+UV9yL3 # 23NaqmsM+Cwn01EJ8FlADY15u14+rx/wvCEuf4L2ZL0mUR8aY/ZGDEBaknmtKpGe # kD2AxijpDydN+GQwlcB/b8rikQAuTpGD9L+bqwxwKIMdcWLoUjZxV6Dou5U19LCa # RF1LRqd1M4s11VESlz40dTfCN8kbX175fUzAaTB/f0kGu1wZX08sughp5EJFmR7+ # hHPocvTWgqYGFDVqe1DXVXop+tb+4BJX9W54t/hBM1SRHwpH43o8Izb648cbeQoe # sgmD9Xuc6zJaNOuHVWhDwtCkEwolVJxsMqAD6z7Zhd5rSZ0eePiX6XWBYo/UF0oG # WPDyPiRx6POWHrvKaxpECS0jpIs3chhPmwqfLJt5uL+/BQXbuwc2QlA7TcYHsiv3 # 2uO4+k5iFWfDgaXm2UV1t0pTz4GitfObItqoTgpu7L740SYYXXWLNaDKQ4sl2JNC # Uy+wT/48BqnX # SIG # End signature block |