modules/AzStack.Insights/AzStack.Insights.Helper.psm1
|
<################################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # ################################################################> function Test-isFailoverCluster { [CmdletBinding()] param() # Detecting Failover Cluster based on the presence of the Get-Cluster cmdlet return ((Get-Command "Get-Cluster" -ErrorAction Ignore) -and (Get-Cluster -ErrorAction Ignore)) } function Get-FirewallEndpoints { <# .SYNOPSIS Retrieves the required firewall endpoints for a specified Azure region. .DESCRIPTION This function returns a collection of firewall endpoints that need to be opened for Azure Local operations in the specified region. This comes from https://learn.microsoft.com/en-us/azure/azure-local/concepts/system-requirements-23h2?view=azloc-2601&tabs=azure-public .OUTPUTS Collection of PSObjects representing firewall endpoints. .EXAMPLE $endpoints = Get-FirewallEndpoints -Region 'eastus' Retrieves all firewall endpoints for the 'eastus' region and stores them in the $endpoints variable. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$Region ) $endpointRootDir = Get-Item -Path "$PSScriptRoot\config\firewall_endpoints" try { switch ($Region) { 'australiaeast' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "AustraliaEastEndpoints.psd1") } 'canadacentral' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "CanadaCentralEndpoints.psd1") } 'eastus' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "EastUSEndpoints.psd1") } 'centralindia' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "IndiaCentralEndpoints.psd1") } 'japaneast' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "JapanEastEndpoints.psd1") } 'southcentralus' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "SouthCentralUSEndpoints.psd1") } 'southeastasia' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "SoutheastAsiaEndpoints.psd1") } 'westeurope' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "WestEuropeEndpoints.psd1") } 'usgovvirginia' { $configData = Import-PowerShellDataFile -Path (Join-Path -Path $endpointRootDir.FullName -ChildPath "USGovVirginiaEndpoints.psd1") } default { return $null } } return $configData.Endpoints } catch { throw "Failed to load firewall endpoints for region '$Region'. $_" } } function Get-MocConfigCached { <# .SYNOPSIS Returns MOC configuration, using the global cache when available. .DESCRIPTION Reads from $Global:MocArbCachedMocConfig if populated (set by the MocArb component). On cache miss, calls Get-MocConfig directly with up to 5 retry attempts and exponential backoff to handle transient MOC file lock errors on the shared catalogs file. .PARAMETER CallerName Label used in diagnostic messages. .OUTPUTS The MOC configuration object, or $null if all attempts fail. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [string]$CallerName = 'MocArb' ) if ($Global:MocArbCachedMocConfig) { return $Global:MocArbCachedMocConfig } Write-Verbose "[$env:COMPUTERNAME][$CallerName] Cache miss, calling Get-MocConfig directly" $mocConfig = $null for ($attempt = 1; $attempt -le 5; $attempt++) { try { $mocConfig = Get-MocConfig -ErrorAction SilentlyContinue 2>$null } catch { } if ($mocConfig) { Write-Verbose "[$env:COMPUTERNAME][$CallerName] Get-MocConfig succeeded on attempt $attempt" return $mocConfig } if ($attempt -lt 5) { $backoff = 2 * $attempt Write-Warning "[$env:COMPUTERNAME][$CallerName] Get-MocConfig attempt $attempt failed, retrying in ${backoff}s" Start-Sleep -Seconds $backoff } } Write-Warning "[$env:COMPUTERNAME][$CallerName] Get-MocConfig failed after 5 attempts" return $null } function Get-ArbControlPlaneVMs { <# .SYNOPSIS Returns local Hyper-V VM objects for the ARB control-plane VM. .DESCRIPTION Calls Get-VM -Name '*control-plan*' on the local node, then disambiguates when multiple VMs match (e.g., AKS workloads also create control-plane VMs). Uses three methods to identify the real ARB VM: 1. Cluster group: ARB VM belongs to the '<clusterName>-arcbridge' cluster group. The cluster group name reliably contains 'arcbridge' even though the VM name does not. 2. MOC kubeconfig IP: Matches the API server IP from the ARB kubeconfig to VM network adapters. Kubeconfigs under paths containing 'arcbridge' are preferred over AKS kubeconfigs. 3. ARB hex-ID name pattern: matches '<hex>-control-plan[hex/random]-<hex>' VM names. Two real-world variants are seen in the field — '<hex>-control-plane-0-<hex>' (older clusters) and '<hex>-control-plan<5-char-suffix>-<hex>' (newer clusters, e.g. LH-21). Both are covered. AKS control-plane VMs use non-hex prefixes so this still excludes them. Falls back to returning all matches if disambiguation fails. .OUTPUTS Array of Hyper-V VM objects, or empty array if none found on this node. #> [CmdletBinding()] param () $vms = @(Get-VM -Name '*control-plan*' -ErrorAction Ignore) if ($vms.Count -le 1) { return $vms } # Multiple VMs matched — AKS workloads can create additional control-plane VMs. Write-Verbose "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Found $($vms.Count) VMs matching '*control-plan*', disambiguating ARB VM..." # Method 1: Cross-reference with the ARB failover cluster group (<clusterName>-arcbridge) # The cluster group name reliably contains 'arcbridge'; the VM name itself does not. try { $clusterName = Get-AzsSupportEceManagementClusterName -ErrorAction Stop $arbGroupName = "$clusterName-arcbridge" $arbGroup = Get-ClusterGroup -Name $arbGroupName -ErrorAction Ignore if ($arbGroup) { $arbGroupResources = @(Get-ClusterResource -InputObject $arbGroup -ErrorAction Ignore | Where-Object { $_.ResourceType -eq 'Virtual Machine' }) if ($arbGroupResources.Count -gt 0) { $arbResourceNames = @($arbGroupResources | ForEach-Object { $_.Name }) # Cluster resource names for VMs are typically 'Virtual Machine <VMName>' $matched = @($vms | Where-Object { $vmName = $_.Name $arbResourceNames -contains $vmName -or $arbResourceNames -contains "Virtual Machine $vmName" }) if ($matched.Count -gt 0) { Write-Verbose "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Narrowed to $($matched.Count) VM(s) by cluster group '$arbGroupName'" return $matched } } } } catch { Write-Warning "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Cluster group cross-reference skipped: $_" } # Method 2: Match VM network adapter IPs against the ARB kubeconfig API server IP # Prefer kubeconfigs whose path contains 'arcbridge' to avoid picking up AKS kubeconfigs. $arbIp = $null $mocCfg = Get-MocConfigCached -CallerName 'Get-ArbControlPlaneVMs' if ($mocCfg -and $mocCfg.WorkingDir -and (Test-Path $mocCfg.WorkingDir)) { $kubeconfigs = @(Get-ChildItem -Path $mocCfg.WorkingDir -Filter 'kubeconfig' -Recurse -Depth 10 -ErrorAction Ignore) # Prefer kubeconfigs under arcbridge paths $arcbridgeKubeconfigs = @($kubeconfigs | Where-Object { $_.FullName -like '*arcbridge*' }) $orderedKubeconfigs = if ($arcbridgeKubeconfigs.Count -gt 0) { $arcbridgeKubeconfigs } else { $kubeconfigs } foreach ($kc in $orderedKubeconfigs) { $content = Get-Content -Path $kc.FullName -Raw -ErrorAction Ignore if ($content -match 'server:\s*https?://([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):6443') { $arbIp = $matches[1] break } } } if ($arbIp) { $matched = @($vms | Where-Object { $vmIps = @( $_ | Get-VMNetworkAdapter -ErrorAction Ignore | ForEach-Object { $_.IPAddresses } | Where-Object { $_ -match '^\d+\.' } ) $vmIps -contains $arbIp }) if ($matched.Count -gt 0) { Write-Verbose "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Narrowed to $($matched.Count) VM(s) by MOC kubeconfig IP ($arbIp)" return $matched } } # ------------------------------------------------------------------------------------------ # Method 3: ARB-vs-AKS disambiguation by VM name regex — READ BEFORE MODIFYING # ------------------------------------------------------------------------------------------ # The regex below matches ONLY the Arc Resource Bridge (ARB) control-plane VM. # It DELIBERATELY EXCLUDES AKS workload-cluster control-plane VMs (which can co-exist). # # Discriminator: the leading prefix before '-control-plan' must be ALL hex chars [0-9a-f]. # ARB VM prefix is a derived Azure resource identifier — all hex, typically ~45 chars: # caa5017c65b71e53681da3c40ae39f0807ad6c3f216b0-control-planzzq2l-92b1f66d (newer) # 013bc87fb2959d61230552d6d19dc6c9e7483f83cd66-control-plane-0-3e9345d2 (older) # AKS workload-cluster control-plane VM prefix contains non-hex letters (g–z), e.g. # 0002akscls001-control-plane-... ('k','s','c','l' are not hex → no match) # # If you are looking for AKS control-plane VMs you need a DIFFERENT regex/lookup — # this one will silently skip them. # ------------------------------------------------------------------------------------------ $matched = @($vms | Where-Object { $_.Name -imatch '^[0-9a-f]+-control-plan[a-z0-9-]+-[0-9a-f]+$' }) if ($matched.Count -gt 0) { Write-Verbose "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Narrowed to $($matched.Count) VM(s) by ARB hex-ID name pattern" return $matched } Write-Warning "[$env:COMPUTERNAME][Get-ArbControlPlaneVMs] Could not disambiguate $($vms.Count) control-plane VMs. Returning all matches." return $vms } function Get-ArbControlPlaneTargets { <# .SYNOPSIS Discovers ARB control-plane VM IPv4 addresses. .DESCRIPTION Uses two methods to find ARB control-plane VM IPs: 1. Local Hyper-V (Get-VM) for VMs matching '*control-plan*' on this node. 2. Parses kubeconfig files in the MOC working directory and ClusterStorage for the Kubernetes API server IP (port 6443). Method 2 uses Get-MocConfigCached to locate the MOC working directory. .PARAMETER CallerName Label used in diagnostic messages. .OUTPUTS Array of unique IPv4 address strings, or empty array if none found. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [string]$CallerName = 'MocArb' ) $arbTargets = @() # Method 1: Local Get-VM for ARB control-plane VMs on this node $arbVMs = Get-ArbControlPlaneVMs if ($arbVMs) { $arbTargets = @( $arbVMs | Get-VMNetworkAdapter -ErrorAction Ignore | ForEach-Object { $_.IPAddresses } | Where-Object { $_ } | Where-Object { $_ -match '^\d+\.' } ) } # Method 2: Parse kubeconfig files for API server IP if ($arbTargets.Count -eq 0) { $searchPaths = @() $mocCfg = Get-MocConfigCached -CallerName $CallerName if ($mocCfg.WorkingDir) { $searchPaths += $mocCfg.WorkingDir } $searchPaths += 'C:\ClusterStorage' foreach ($searchPath in $searchPaths) { if (-not (Test-Path $searchPath)) { continue } $kubeconfigs = @(Get-ChildItem -Path $searchPath -Filter 'kubeconfig' -Recurse -Depth 10 -ErrorAction Ignore) # On clusters with AKS workloads, multiple kubeconfigs exist (ARB + AKS target clusters). # Prefer kubeconfigs whose path contains 'arcbridge' to avoid testing AKS endpoints. $arcbridgeKubeconfigs = @($kubeconfigs | Where-Object { $_.FullName -like '*arcbridge*' }) $orderedKubeconfigs = if ($arcbridgeKubeconfigs.Count -gt 0) { $arcbridgeKubeconfigs } else { $kubeconfigs } foreach ($kc in $orderedKubeconfigs) { $content = Get-Content -Path $kc.FullName -Raw -ErrorAction Ignore if ($content -match 'server:\s*https?://([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):6443') { $arbTargets += $matches[1] } } $arbTargets = @($arbTargets | Select-Object -Unique) if ($arbTargets.Count -gt 0) { break } } } return $arbTargets } function Get-ArbKubeconfigs { <# .SYNOPSIS Finds ARB kubeconfig files on the local node. .DESCRIPTION Searches the MOC working directory and ClusterStorage for kubeconfig files that contain a Kubernetes API server endpoint (port 6443). .PARAMETER CallerName Label used in diagnostic messages. .OUTPUTS Array of FileInfo objects for matching kubeconfig files. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [string]$CallerName = 'MocArb' ) $searchPaths = @() $mocCfg = Get-MocConfigCached -CallerName $CallerName if ($mocCfg.WorkingDir) { $searchPaths += $mocCfg.WorkingDir } $searchPaths += 'C:\ClusterStorage' $found = @() foreach ($searchPath in $searchPaths) { if (-not (Test-Path $searchPath)) { continue } $kubeconfigs = @(Get-ChildItem -Path $searchPath -Filter 'kubeconfig' -Recurse -Depth 10 -ErrorAction Ignore) foreach ($kc in $kubeconfigs) { $content = Get-Content -Path $kc.FullName -Raw -ErrorAction Ignore if ($content -match 'server:\s*https?://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:6443') { $found += $kc } } if ($found.Count -gt 0) { break } } return $found } # SIG # Begin signature block # MIIncAYJKoZIhvcNAQcCoIInYTCCJ10CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDXR+tsPhCVm2Wq # mgdOi1MuEsktZYQUb6m+noXKtZAJDaCCDMkwggYEMIID7KADAgECAhMzAAACHPrN # xZvoL37EAAAAAAIcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQxWhcNMjcwNDE1MTg1 # OTQxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDVsZfgOKmM31HPfoWOoNEiw0SlCiIxUMC0I9NMWbucKOw/e9lP # oAoehQVu6SG65V4EPzrYsnBnFPNoi4/HoOdjhz1qkrEt4I6tEcxXU6oOeY9zGveC # /3iBeuhLYxM3M/PkcUoebF+Nednm8OkdSPoDu8imViHPQq/8CQUu0WRR4rE+dMRf # rpVqfmNi2qWCX94T4MsepijGVkwE//tJg0ryAiYdHT34LSnlG/RSBZmQRGWZ5g8j # qnKjRParSqMft1gvjuUTVgtWNZfgcLFSK5Wa0myrq8OPcgTGGsRgun+tnSS+IxDT # xVsAPH1OzvPjwomguByhUe/OcvUN0D5Wmp7xAgMBAAGjggGqMIIBpjAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFNoH7a2YDjOSwpkp6DHcmUS7J+0yMFQGA1UdEQRNMEukSTBHMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxFjAUBgNVBAUT # DTIzMDAxMis1MDc1NjkwHwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEw # YAYDVR0fBFkwVzBVoFOgUYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9jcmwvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # bDBtBggrBgEFBQcBAQRhMF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9z # b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmcl # MjBQQ0ElMjAyMDI0LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC # AQAUnEqhaRXe0T3hIJjvdQErEkrA/7bByjn6t5IArODkkRjzkYwtKMc2yYj2quaN # rLutWw2YZcngKPy1b71YyDJQTy4NDRwaSh9Tw5thrk3NmcPrAHia5vtcBJ1CgtKK # 7mQbIcQ22d/N3813ayCDDFewu1+jsZmX+r/aTEqaOM4TVxVtRSkuCy8nAXKuChOK # Li/zA4XuH8iEYqIsj2YoNaeSxVmeGiERXpKdo3dDmYi0kO5w2D8VS4c3+9h6gElY # BaAAg/dYErBg27qT3vv0zRDJhJufvCNylA8S7/+8H5E/PV5cng6na9VV/w9OV3qu # uND6zdGa2EX38Glp50F9AIQk3p2xXmcvorDeM4XJ7UlWYBi6g80J1SSOQnInCYFE # msfUNn3+1AaTJKSJL83quKArTac2pKhu0Yzzzrzo6HrsRiQKzpnRBb1/dMa6P3hz # 75XbMRBctNsFhZC07WCmjExdLg2eHW5uV0TY8D5+6wozJf7vF3+WHkYPO85Z+BC6 # U4FkNbYNycZ9cE4j1tXRdyDCfml6c0HWPHjNVDObrv9lKt3qUqFpX38VCqVCyNOO # 1UcXfQiVjJw32U2WUKZjt/neJKHEBsm9kFsLuWzkQ53+qcaSaytmsCnk2gOglrlD # 5d3kKyvvAw+rzm0lT8K38P6PLxfZQHhu4W8dV7Av8N2ZmDCCBr0wggSloAMCAQIC # EzMAAAA5O7Y3Gb8GHWcAAAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBS # b290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoX # DTM2MDMyMjIyMTMwNFowVzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQ # Q0EgMjAyNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeq # lRYHNa265v4IY9fH8TKhemHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo # 0dtS/EW6I/yEL/bLSY8hKpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATv # QVL4tcf03aTycsz8QeCdM0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a # 1uv1zerOYMnsneRRwCbpyW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1 # FyQfK0fVkaya8SmVHQ/tOf23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfO # GSWHIIV4YrTJTT6PNty5REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7 # ttOu1bVnXfHaqPYl2rPs20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJ # uz2MXMCt7iw7lFPG9LXKGjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxS # CwyoGIq0PhaA7Y+VPct5pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOm # VQop36wUVUYklUy++vDWeEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3 # SkE/xIkgpfl22MM1itkZ35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8E # BAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPX # LQaUEggxMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAUci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBP # oE2gS4ZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAw # TgYIKwYBBQUHMAKGQmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv # TWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOC # AgEAFJQfOChP7onn6fLIMKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D # 5W4wMwYeLystcEqfkjz4NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBY # nbu0+THSuVHTe0VTTPVhily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSI # vgn0JksVBVMYVI5QFu/qhnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6 # aR9y34aiM1qmxaxBi6OUnyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4w # PKC5OmHm1DQIt/MNokbbH3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7 # RTX8AdBPo0I6OEojf39zuFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK # /fg8B2qjW88MT/WF5V5uvZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSK # YBv0VisCzfxgeU+dquXW9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkw # YTu/9dLeH2pDqeJZAABVDWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVT # Ql0v4q8J/AUmQN5W4n101cY2L4A7GTQG1h32HHAvfQESWP0xghn9MIIZ+QIBATBu # MFcxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # KDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIc # +s3Fm+gvfsQAAAAAAhwwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwG # CisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZI # hvcNAQkEMSIEIECDlnmCqTWrBX9vTaWrXNTxCxV6B8hKvVOFvNaJE6q9MEIGCisG # AQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEBBQAEggEAxMRRQ9+2u12OyItxy6ui # iJbnoQ4p7a9oAOcy6XXG30bV9w1JMeSFbTYEy/osIVtUh6bttM6IJxWlK43j80sF # 9XGzf5MYzhpfBaX2WFKfX2alwQhJOdG1FdMR/jF3h24vRvWKxOFLpPLG10h24rRv # C/okzGMFI+Nds5ifg9E3P83RpDuXzI8xBASrQ2Ca7X4u0vYC3sUOTt5DvuPTaGtf # On9qZ2TMDuDtlXNPPZop8tFWbqP+nkr3xKaljc+KWGoRnIizooRFt8Ib+MID8OUe # QCQqmpstAlN09juOs3jiSvTONjhMzDE6xCwRwhsYrnR0EVVkpMPKw4W2+Dq3Iixo # /6GCF68wgherBgorBgEEAYI3AwMBMYIXmzCCF5cGCSqGSIb3DQEHAqCCF4gwgheE # AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIB # QAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCC45do6Bah5GyPAQSIh # WOXdxoix/eA9ohszPXrfzlwx7gIGahDt9RzXGBIyMDI2MDUyNzE0MDcxMS42M1ow # BIACAfSggdmkgdYwgdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRl # ZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjRDMUEtMDVFMC1EOTQ3MSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIR/jCCBygwggUQoAMC # AQICEzMAAAIYJdmSBeLn5eQAAQAAAhgwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjUwODE0MTg0ODI1WhcNMjYxMTEzMTg0 # ODI1WjCB0zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsG # A1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMScwJQYD # VQQLEx5uU2hpZWxkIFRTUyBFU046NEMxQS0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEBAQUAA4IC # DwAwggIKAoICAQCx3Ojq65AmoB/Eue8QF8i+PqScr6npucxcQVn9CM84XLCVyMN/ # MjwODWfMOXGbv+mpu+NaHK9rMqYXI7qps/AKV9GcjnuHk4KLGCk44IYklAhlJOIy # C6LcHwM+IW0k9x/NG3cWyfGMtfAEiMaCeMZ+ZCXvN6MDVahgv+oGZCHD8UMVNZ5v # F+jibREII7F/arCPfVo6NzZphR4+0sxcexco8UfS2nlIogX/20nFFKDQ1gS9CpWK # WN7xpCQ93erMC7HYxzkcxIrg0xO1VUJgBYNRnin7qIMj23kE0IEix/migU1Ra3EK # qekViItiQd8V/GFVQFnwsYbFiwDfqycPrmzYd/i3zqTR7xZ6Uf+6x+Fio4zfPbJo # jyuDTzrfUiTCpTPJCgQ+oyweAF6bXGmY4ZIhSdW9OwC/6WYQIvZGqtw5mVlrHwrR # qKKPyHpSRYE3YgD+KRpyRNIZVEFCZZZm4sVZX9PjG43OxwLRfvGjh962CmypoQDS # Nj9B6+RO8u/g6U03144vws2HtWbRHrk/uhps5AOq1QUDAKCOA8nSJX+NAJowBw7d # JikbnBIBiImSThcuM1KU3FTYh2OzWw5GGXuzssLqE5vttUAdXA43vgbF8U2IQgDo # F+50A2OlAnSdRz+mkRelPimAMEexi1Xw7IpKMqwjE50VHt8gkiMNzwO9SQIDAQAB # o4IBSTCCAUUwHQYDVR0OBBYEFCQuocRcOhtjt0e6hAIFrixftovRMB8GA1UdIwQY # MBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6 # Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRpbWUt # U3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYB # BQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWlj # cm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB # /wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0G # CSqGSIb3DQEBCwUAA4ICAQCeSNGGPA+B2gim+3hiKhP+PQta4HEXcBEEpcMQ2CCt # oq8LShE/BuMCaxec8Sa26jkwPy4n1fD15ivGqqQrgMX2ydkyscx+ijEJr77WKsvP # xiijMLi1yL5rg3ftJuR7Wm3XGz2pm2+Q+BkZafkFzBV+YDBJkseLYK5nTpjT9f63 # p80GetsxWi81oNfhY93Ij0YTPF8iCAOxyTYimjhVcv8CtzPunYXtsRkZG7LGOAwL # 7CgKQMlof/KT/BxmkCyLF7g8503QNbplvfk7cODf5rqmsA0xzdYh298oOXvk/Rqp # xBtABHtvR/iAfg0yRRy3RabgY3kqGwTVgrtX/ACoMqYriPHfMvPdrwezFr0cHcbK # K2WYLmwOE6XhBMY3mRGLqgKhXiEr6QgWCeRaMeFJE2ibPfpCdsJIb8EcsSbYZFT2 # 7f8jjNR30TUAL3sgkQZ/Bv7Q1ZvdARyuTKl0Z1bCXQsQ5uGtBH0HVXv551zI2axf # SnYFfSsWl3U+RclJvF/whwSLD9uQ2BqBkT5WUO3Fd6u4t2jmTeUY6/us9i44Rqhl # jEO9m2kc/0/frCZbgg2NHo0iefZQz6Ss//F4udFsMGSb1GyWegOFWtqWIoMfrYHG # FyAv22JGA4eVwjTCq9VYt2/zJbyvGRrA6WEJGpPcQoQJbyS1QA/A1sFQuRP6hZy8 # FzCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQEL # BQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNV # BAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4X # DTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM # 57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm # 95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzB # RMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBb # fowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCO # Mcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYw # XE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW # /aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/w # EPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPK # Z6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2 # BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfH # CBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYB # BAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8v # BO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYM # KwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEF # BQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBW # BgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUH # AQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp # L2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsF # AAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518Jx # Nj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+ # iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2 # pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefw # C2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7 # T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFO # Ry3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhL # mm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3L # wUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5 # m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE # 0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNZMIICQQIB # ATCCAQGhgdmkgdYwgdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRl # ZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjRDMUEtMDVFMC1EOTQ3MSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoD # FQCda0atdaK40TxCsp+bgK0avnvP6aCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7cFazzAiGA8yMDI2MDUyNzEx # NTgwN1oYDzIwMjYwNTI4MTE1ODA3WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDt # wVrPAgEAMAoCAQACAgnIAgH/MAcCAQACAhIQMAoCBQDtwqxPAgEAMDYGCisGAQQB # hFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAw # DQYJKoZIhvcNAQELBQADggEBAHMdYlpC5rjzY8fdwToEC2EBATG5Ti0tweZJdtZp # JHYJbDdZSplvgW2FwDE3yvApe4APSH/Iq4DzTqpbFYF0nW7Prsj1xzGIZD8lIp7x # wtNCdyC3OZs+d8ZYpxDY2DWPq6N0mdc0xvMKjX50P69vaVOv1QMLtcsbndSBhuG9 # 4xv1IWAqFh/KPAKGekp2+r59+AVrt4dhRCPADUxYq+asEypJ6AXa7tes4fmm4ITv # Tg4I9dQP4CdsO+RacFE0AlfYkb+q5rN864JnrOuGOr7l05/I3c2FCyqTyJd7hFil # c+NmQrWTGW9DLa5mgPOS1a3+N9MQrRAbKaSZACVB19HJ4GYxggQNMIIECQIBATCB # kzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAhgl2ZIF4ufl5AAB # AAACGDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJ # EAEEMC8GCSqGSIb3DQEJBDEiBCDtus0QjwFdPNePyDjivRQNUYjQDDpBbHpGOKmC # F9v1DzCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIJkT3Im45Mi0jBZoRLqX # MYorVdxKjPXKdHNo5XPH14VqMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTACEzMAAAIYJdmSBeLn5eQAAQAAAhgwIgQgafd8BI6Dc74SG8EbJvmn # EpH2r5zz4lhBflQbcSk6Vv4wDQYJKoZIhvcNAQELBQAEggIAi/ys3k83nxOS3/gP # LyONpnM8BuogU6WUPN41/IblfBuFKy3/qxa5HtU1jLsZiqolVwnE/9SU05Qzgz1+ # wGHocSwQLiqr+tyGbdUSPmaqLGXm3JVNAUy7B74Dr63B317Q/jOXARES44rfpdA7 # R2estsGohREgyyB1AFr3S5os203QZfllzAaeKruEELlu6XQYhUg9gK43XDli4DAS # RGo2UVnymW9oDl7ufIHDAEUQw+5ykHPdh1UqlKo3RRwH0oacDYzwgfvGE64ePhaB # DYptTScz0L/SPeVT9gL1uhqyZW/4tHFJDqQxhrA/Y+YBzqtOgBhJUYufAsD6TzHl # rUSDCE6kdxca4ODdbUYvdHmkZoD7rBPje+O+UPqwcDpX1YVh3SqsCwccEfK0fHTN # VBwxpPRmd8l5svFDfQSbqwikusQa0/KJPm8ck7sV+f7/NNuxT/oU37JDCDya3PA2 # HJC78+mDAIdbgYnUgjogdzkILy0BcYmYn9KuYBOzyKx5BjqTwCbrVShWqM6DeC17 # Ia+GjsD75nJqVyqKRYLZQ8bjbJin7RB61ef7qkCnjF5eYCT+nW0jgi32dCo76Fh7 # Eh2oBjf+q/l7DIeJLf5Kkx91VpQqhpSncjwXEUq4PZjBeraK+7aLL6dOV5V9tpVv # EPQ8/US3n1D1nVAa95bIYdZmYHU= # SIG # End signature block |