From simon.williams at thehelpfulcat.com Wed Nov 15 13:34:50 2017
Content-Type: multipart/mixed; boundary="===============2778987390319519219=="
MIME-Version: 1.0
From: Simon Williams <simon.williams at thehelpfulcat.com>
To: freeipa-users at lists.fedorahosted.org
Subject: [Freeipa-users] Re: upgrade to ubuntu 17.10 fails
Date: Wed, 15 Nov 2017 13:33:56 +0000
Message-ID: <CAJWeEdSMDCXdbR6A7U-dpNtp3dKyMBPTGvi+vqHnpQe75aJEuQ@mail.gmail.com>
In-Reply-To: CADq_JGqur3Nh+sQpRxMptLb-B+qLmy4WQv+ZZ2LsFH-ukZo=sg@mail.gmail.com

--===============2778987390319519219==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

There may be a million and one reasons not to do it this way, but have you
considered building a new VM on 17.10 and replicating from the existing
server? I have just tried to upgrade a development environment (IPA client)
to 17.10 and had endless issues. I ended up creating a new machine and
copying across my files which was considerably quicker.

The upgrade to 17.10, particularly for machines that started out life on
16.04, appears to be fraut with problems even without having to deal with
FreeIPA updates!

On Wed, 15 Nov 2017, 13:24 David Harvey via FreeIPA-users, <
freeipa-users(a)lists.fedorahosted.org> wrote:

> Hi wisdom of the list,
>
> I know I am an edge case with running on ubuntu, but hoped someone might
> be able to shed some light.
>
> A bit of background.  I'm trying to test upgrades without potentially
> hosing my existing services, so I have cloned the VM, given it a new IP
> address, updated hosts file and pointed DNS somewhere that doesn't know
> about the real IPA services (8.8.8.8) so it won't try and sync or replica=
te.
>
> Attempting to upgrade hits a snags or two, some described in bugs already
> like the pki version number confusing the apt scripts
> https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1703051 ). The one
> I can't work around however is below.
>
> It seems deeply unhappy, and restarting the services result in the
> dogtag-pki web page being available until a login attempt is made (as
> occurs during the ipa-server-upgrade) after which point it bombs with a 5=
00
> error.
>
> Could the below caused by
> https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1716842 ?
>
> Any advice appreciated, as I think even when 18.04 hits with the proposed
> updates to rely on to tomcat 8.5, I'll still need to upgrade via 17.10
> which seems currently fraught!  If it relates to my method of cloning the
> VM, is there a better way of testing upgrades without potentially hosing
> the existing live systems?
>
>
> Thanks in advance,
>
> David
>
> 2017-11-15T13:05:59Z DEBUG approved_usage =3D SSL Server intended_usage =
=3D
> SSL Server
> 2017-11-15T13:05:59Z DEBUG cert valid True for "CN=3Dipa1.my.net,O=3D
> THOMAC.NET"
> 2017-11-15T13:05:59Z DEBUG handshake complete, peer =3D IPADDRESS
> 2017-11-15T13:05:59Z DEBUG Protocol: TLS1.2
> 2017-11-15T13:05:59Z DEBUG Cipher: TLS_RSA_WITH_AES_128_CBC_SHA
> 2017-11-15T13:05:59Z DEBUG response status 500
> 2017-11-15T13:05:59Z DEBUG response headers {'content-length': '2292',
> 'content-language': 'en', 'server': 'Apache-Coyote/1.1', 'connection':
> 'close', 'date': 'Wed, 15 Nov 2017 13:05:59 GMT', 'content-type':
> 'text/html;charset=3Dutf-8'}
> 2017-11-15T13:05:59Z DEBUG response body '<!DOCTYPE
> html><html><head><title>Apache Tomcat/8.0.46 (Ubuntu) - Error
> report</title><style type=3D"text/css">H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76=
;font-size:22px;}
> H2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76=
;font-size:16px;}
> H3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76=
;font-size:14px;}
> BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;}=
 B
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76=
;}
> P
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-si=
ze:12px;}A
> {color : black;}A.name {color : black;}.line {height: 1px;
> background-color: #525D76; border: none;}</style> </head><body><h1>HTTP
> Status 500 - Subsystem unavailable</h1><div
> class=3D"line"></div><p><b>type</b> Exception report</p><p><b>message</b>
> <u>Subsystem unavailable</u></p><p><b>description</b> <u>The server
> encountered an internal error that prevented it from fulfilling this
> request.</u></p><p><b>exception</b></p><pre>javax.ws.rs.ServiceUnavailabl=
eException:
> Subsystem
> unavailable\n\tcom.netscape.cms.tomcat.ProxyRealm.findSecurityConstraints=
(ProxyRealm.java:138)\n\torg.apache.catalina.authenticator.AuthenticatorBas=
e.invoke(AuthenticatorBase.java:498)\n\torg.apache.catalina.valves.ErrorRep=
ortValve.invoke(ErrorReportValve.java:79)\n\torg.apache.catalina.valves.Abs=
tractAccessLogValve.invoke(AbstractAccessLogValve.java:620)\n\torg.apache.c=
atalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)\n\torg.apac=
he.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.ja=
va:1132)\n\torg.apache.coyote.AbstractProtocol$AbstractConnectionHandler.pr=
ocess(AbstractProtocol.java:684)\n\torg.apache.tomcat.util.net.JIoEndpoint$=
SocketProcessor.run(JIoEndpoint.java:283)\n\tjava.util.concurrent.ThreadPoo=
lExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tjava.util.concurrent.T=
hreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\torg.apache.tom=
cat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tjav=
a.lang.Thread.run(Thread.java:748)\n</pre><p><b>note</b>
> <u>The full stack trace of the root cause is available in the Apache
> Tomcat/8.0.46 (Ubuntu) logs.</u></p><hr class=3D"line"><h3>Apache
> Tomcat/8.0.46 (Ubuntu)</h3></body></html>'
> 2017-11-15T13:05:59Z ERROR IPA server upgrade failed: Inspect
> /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
> 2017-11-15T13:05:59Z DEBUG   File
> "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 172, in
> execute
>     return_value =3D self.run()
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_upgrade.py=
",
> line 46, in run
>     server.upgrade()
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py",
> line 1878, in upgrade
>     upgrade_configuration()
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py",
> line 1797, in upgrade_configuration
>     ca_enable_ldap_profile_subsystem(ca)
>   File
> "/usr/lib/python2.7/dist-packages/ipaserver/install/server/upgrade.py",
> line 347, in ca_enable_ldap_profile_subsystem
>     cainstance.migrate_profiles_to_ldap()
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py",
> line 1981, in migrate_profiles_to_ldap
>     _create_dogtag_profile(profile_id, profile_data, overwrite=3DFalse)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/cainstance.py",
> line 1987, in _create_dogtag_profile
>     with api.Backend.ra_certprofile as profile_api:
>   File "/usr/lib/python2.7/dist-packages/ipaserver/plugins/dogtag.py",
> line 1294, in __enter__
>     raise errors.RemoteRetrieveError(reason=3D_('Failed to authenticate to
> CA REST API'))
>
> 2017-11-15T13:05:59Z DEBUG The ipa-server-upgrade command failed,
> exception: RemoteRetrieveError: Failed to authenticate to CA REST API
> 2017-11-15T13:05:59Z ERROR Unexpected error - see /var/log/ipaupgrade.log
> for details:
> RemoteRetrieveError: Failed to authenticate to CA REST API
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.=
org
>

--===============2778987390319519219==
Content-Type: text/html
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.html"

PHAgZGlyPSJsdHIiPlRoZXJlIG1heSBiZSBhIG1pbGxpb24gYW5kIG9uZSByZWFzb25zIG5vdCB0
byBkbyBpdCB0aGlzIHdheSwgYnV0IGhhdmUgeW91IGNvbnNpZGVyZWQgYnVpbGRpbmcgYSBuZXcg
Vk0gb24gMTcuMTAgYW5kIHJlcGxpY2F0aW5nIGZyb20gdGhlIGV4aXN0aW5nIHNlcnZlcj8gSSBo
YXZlIGp1c3QgdHJpZWQgdG8gdXBncmFkZSBhIGRldmVsb3BtZW50IGVudmlyb25tZW50IChJUEEg
Y2xpZW50KSB0byAxNy4xMCBhbmQgaGFkIGVuZGxlc3MgaXNzdWVzLiBJIGVuZGVkIHVwIGNyZWF0
aW5nIGEgbmV3IG1hY2hpbmUgYW5kIGNvcHlpbmcgYWNyb3NzIG15IGZpbGVzIHdoaWNoIHdhcyBj
b25zaWRlcmFibHkgcXVpY2tlci4gPC9wPgo8cCBkaXI9Imx0ciI+VGhlIHVwZ3JhZGUgdG8gMTcu
MTAsIHBhcnRpY3VsYXJseSBmb3IgbWFjaGluZXMgdGhhdCBzdGFydGVkIG91dCBsaWZlIG9uIDE2
LjA0LCBhcHBlYXJzIHRvIGJlIGZyYXV0IHdpdGggcHJvYmxlbXMgZXZlbiB3aXRob3V0IGhhdmlu
ZyB0byBkZWFsIHdpdGggRnJlZUlQQSB1cGRhdGVzITwvcD4KPGJyPjxkaXYgY2xhc3M9ImdtYWls
X3F1b3RlIj48ZGl2IGRpcj0ibHRyIj5PbiBXZWQsIDE1IE5vdiAyMDE3LCAxMzoyNCBEYXZpZCBI
YXJ2ZXkgdmlhIEZyZWVJUEEtdXNlcnMsICZsdDs8YSBocmVmPSJtYWlsdG86ZnJlZWlwYS11c2Vy
c0BsaXN0cy5mZWRvcmFob3N0ZWQub3JnIj5mcmVlaXBhLXVzZXJzQGxpc3RzLmZlZG9yYWhvc3Rl
ZC5vcmc8L2E+Jmd0OyB3cm90ZTo8YnI+PC9kaXY+PGJsb2NrcXVvdGUgY2xhc3M9ImdtYWlsX3F1
b3RlIiBzdHlsZT0ibWFyZ2luOjAgMCAwIC44ZXg7Ym9yZGVyLWxlZnQ6MXB4ICNjY2Mgc29saWQ7
cGFkZGluZy1sZWZ0OjFleCI+PGRpdiBkaXI9Imx0ciI+PGRpdj5IaSB3aXNkb20gb2YgdGhlIGxp
c3QsPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5JIGtub3cgSSBhbSBhbiBlZGdlIGNhc2Ugd2l0
aCBydW5uaW5nIG9uIHVidW50dSwgYnV0IGhvcGVkIHNvbWVvbmUgbWlnaHQgYmUgYWJsZSB0byBz
aGVkIHNvbWUgbGlnaHQuPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5BIGJpdCBvZiBiYWNrZ3Jv
dW5kLsKgIEkmIzM5O20gdHJ5aW5nIHRvIHRlc3QgdXBncmFkZXMgd2l0aG91dCBwb3RlbnRpYWxs
eSBob3NpbmcgbXkgZXhpc3Rpbmcgc2VydmljZXMsIHNvIEkgaGF2ZSBjbG9uZWQgdGhlIFZNLCBn
aXZlbiBpdCBhIG5ldyBJUCBhZGRyZXNzLCB1cGRhdGVkIGhvc3RzIGZpbGUgYW5kIHBvaW50ZWQg
RE5TIHNvbWV3aGVyZSB0aGF0IGRvZXNuJiMzOTt0IGtub3cgYWJvdXQgdGhlIHJlYWwgSVBBIHNl
cnZpY2VzICg4LjguOC44KSBzbyBpdCB3b24mIzM5O3QgdHJ5IGFuZCBzeW5jIG9yIHJlcGxpY2F0
ZS48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PkF0dGVtcHRpbmcgdG8gdXBncmFkZSBoaXRzIGEg
c25hZ3Mgb3IgdHdvLCBzb21lIGRlc2NyaWJlZCBpbiBidWdzIGFscmVhZHkgbGlrZSB0aGUgcGtp
IHZlcnNpb24gbnVtYmVyIGNvbmZ1c2luZyB0aGUgYXB0IHNjcmlwdHPCoDxhIGhyZWY9Imh0dHBz
Oi8vYnVncy5sYXVuY2hwYWQubmV0L3VidW50dS8rc291cmNlL2ZyZWVpcGEvK2J1Zy8xNzAzMDUx
IiB0YXJnZXQ9Il9ibGFuayI+aHR0cHM6Ly9idWdzLmxhdW5jaHBhZC5uZXQvdWJ1bnR1Lytzb3Vy
Y2UvZnJlZWlwYS8rYnVnLzE3MDMwNTE8L2E+ICkuIFRoZSBvbmUgSSBjYW4mIzM5O3Qgd29yayBh
cm91bmQgaG93ZXZlciBpcyBiZWxvdy48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2Pkl0IHNlZW1z
IGRlZXBseSB1bmhhcHB5LCBhbmQgcmVzdGFydGluZyB0aGUgc2VydmljZXMgcmVzdWx0IGluIHRo
ZSBkb2d0YWctcGtpIHdlYiBwYWdlIGJlaW5nIGF2YWlsYWJsZSB1bnRpbCBhIGxvZ2luIGF0dGVt
cHQgaXMgbWFkZSAoYXMgb2NjdXJzIGR1cmluZyB0aGUgaXBhLXNlcnZlci11cGdyYWRlKSBhZnRl
ciB3aGljaCBwb2ludCBpdCBib21icyB3aXRoIGEgNTAwIGVycm9yLjwvZGl2PjxkaXY+PGJyPjwv
ZGl2PjxkaXY+Q291bGQgdGhlIGJlbG93IGNhdXNlZCBiecKgPGEgaHJlZj0iaHR0cHM6Ly9idWdz
LmxhdW5jaHBhZC5uZXQvdWJ1bnR1Lytzb3VyY2UvZnJlZWlwYS8rYnVnLzE3MTY4NDIiIHRhcmdl
dD0iX2JsYW5rIj5odHRwczovL2J1Z3MubGF1bmNocGFkLm5ldC91YnVudHUvK3NvdXJjZS9mcmVl
aXBhLytidWcvMTcxNjg0MjwvYT4gPzxicj48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2PkFueSBh
ZHZpY2UgYXBwcmVjaWF0ZWQsIGFzIEkgdGhpbmsgZXZlbiB3aGVuIDE4LjA0IGhpdHMgd2l0aCB0
aGUgcHJvcG9zZWQgdXBkYXRlcyB0byByZWx5IG9uIHRvIHRvbWNhdCA4LjUsIEkmIzM5O2xsIHN0
aWxsIG5lZWQgdG8gdXBncmFkZSB2aWEgMTcuMTAgd2hpY2ggc2VlbXMgY3VycmVudGx5IGZyYXVn
aHQhwqAgSWYgaXQgcmVsYXRlcyB0byBteSBtZXRob2Qgb2YgY2xvbmluZyB0aGUgVk0sIGlzIHRo
ZXJlIGEgYmV0dGVyIHdheSBvZiB0ZXN0aW5nIHVwZ3JhZGVzIHdpdGhvdXQgcG90ZW50aWFsbHkg
aG9zaW5nIHRoZSBleGlzdGluZyBsaXZlIHN5c3RlbXM/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRp
dj48YnI+PC9kaXY+PGRpdj5UaGFua3MgaW4gYWR2YW5jZSw8L2Rpdj48ZGl2Pjxicj48L2Rpdj48
ZGl2PkRhdmlkPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4yMDE3LTExLTE1VDEzOjA1OjU5WiBE
RUJVRyBhcHByb3ZlZF91c2FnZSA9IFNTTCBTZXJ2ZXIgaW50ZW5kZWRfdXNhZ2UgPSBTU0wgU2Vy
dmVyPC9kaXY+PGRpdj4yMDE3LTExLTE1VDEzOjA1OjU5WiBERUJVRyBjZXJ0IHZhbGlkIFRydWUg
Zm9yICZxdW90O0NOPTxhIGhyZWY9Imh0dHA6Ly9pcGExLm15Lm5ldCIgdGFyZ2V0PSJfYmxhbmsi
PmlwYTEubXkubmV0PC9hPixPPTxhIGhyZWY9Imh0dHA6Ly9USE9NQUMuTkVUIiB0YXJnZXQ9Il9i
bGFuayI+VEhPTUFDLk5FVDwvYT4mcXVvdDs8L2Rpdj48ZGl2PjIwMTctMTEtMTVUMTM6MDU6NTla
IERFQlVHIGhhbmRzaGFrZSBjb21wbGV0ZSwgcGVlciA9IElQQUREUkVTUzwvZGl2PjxkaXY+MjAx
Ny0xMS0xNVQxMzowNTo1OVogREVCVUcgUHJvdG9jb2w6IFRMUzEuMjwvZGl2PjxkaXY+MjAxNy0x
MS0xNVQxMzowNTo1OVogREVCVUcgQ2lwaGVyOiBUTFNfUlNBX1dJVEhfQUVTXzEyOF9DQkNfU0hB
PC9kaXY+PGRpdj4yMDE3LTExLTE1VDEzOjA1OjU5WiBERUJVRyByZXNwb25zZSBzdGF0dXMgNTAw
PC9kaXY+PGRpdj4yMDE3LTExLTE1VDEzOjA1OjU5WiBERUJVRyByZXNwb25zZSBoZWFkZXJzIHsm
IzM5O2NvbnRlbnQtbGVuZ3RoJiMzOTs6ICYjMzk7MjI5MiYjMzk7LCAmIzM5O2NvbnRlbnQtbGFu
Z3VhZ2UmIzM5OzogJiMzOTtlbiYjMzk7LCAmIzM5O3NlcnZlciYjMzk7OiAmIzM5O0FwYWNoZS1D
b3lvdGUvMS4xJiMzOTssICYjMzk7Y29ubmVjdGlvbiYjMzk7OiAmIzM5O2Nsb3NlJiMzOTssICYj
Mzk7ZGF0ZSYjMzk7OiAmIzM5O1dlZCwgMTUgTm92IDIwMTcgMTM6MDU6NTkgR01UJiMzOTssICYj
Mzk7Y29udGVudC10eXBlJiMzOTs6ICYjMzk7dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgmIzM5O308
L2Rpdj48ZGl2PjIwMTctMTEtMTVUMTM6MDU6NTlaIERFQlVHIHJlc3BvbnNlIGJvZHkgJiMzOTsm
bHQ7IURPQ1RZUEUgaHRtbCZndDsmbHQ7aHRtbCZndDsmbHQ7aGVhZCZndDsmbHQ7dGl0bGUmZ3Q7
QXBhY2hlIFRvbWNhdC84LjAuNDYgKFVidW50dSkgLSBFcnJvciByZXBvcnQmbHQ7L3RpdGxlJmd0
OyZsdDtzdHlsZSB0eXBlPSZxdW90O3RleHQvY3NzJnF1b3Q7Jmd0O0gxIHtmb250LWZhbWlseTpU
YWhvbWEsQXJpYWwsc2Fucy1zZXJpZjtjb2xvcjp3aGl0ZTtiYWNrZ3JvdW5kLWNvbG9yOiM1MjVE
NzY7Zm9udC1zaXplOjIycHg7fSBIMiB7Zm9udC1mYW1pbHk6VGFob21hLEFyaWFsLHNhbnMtc2Vy
aWY7Y29sb3I6d2hpdGU7YmFja2dyb3VuZC1jb2xvcjojNTI1RDc2O2ZvbnQtc2l6ZToxNnB4O30g
SDMge2ZvbnQtZmFtaWx5OlRhaG9tYSxBcmlhbCxzYW5zLXNlcmlmO2NvbG9yOndoaXRlO2JhY2tn
cm91bmQtY29sb3I6IzUyNUQ3Njtmb250LXNpemU6MTRweDt9IEJPRFkge2ZvbnQtZmFtaWx5OlRh
aG9tYSxBcmlhbCxzYW5zLXNlcmlmO2NvbG9yOmJsYWNrO2JhY2tncm91bmQtY29sb3I6d2hpdGU7
fSBCIHtmb250LWZhbWlseTpUYWhvbWEsQXJpYWwsc2Fucy1zZXJpZjtjb2xvcjp3aGl0ZTtiYWNr
Z3JvdW5kLWNvbG9yOiM1MjVENzY7fSBQIHtmb250LWZhbWlseTpUYWhvbWEsQXJpYWwsc2Fucy1z
ZXJpZjtiYWNrZ3JvdW5kOndoaXRlO2NvbG9yOmJsYWNrO2ZvbnQtc2l6ZToxMnB4O31BIHtjb2xv
ciA6IGJsYWNrO31BLm5hbWUge2NvbG9yIDogYmxhY2s7fS5saW5lIHtoZWlnaHQ6IDFweDsgYmFj
a2dyb3VuZC1jb2xvcjogIzUyNUQ3NjsgYm9yZGVyOiBub25lO30mbHQ7L3N0eWxlJmd0OyAmbHQ7
L2hlYWQmZ3Q7Jmx0O2JvZHkmZ3Q7Jmx0O2gxJmd0O0hUVFAgU3RhdHVzIDUwMCAtIFN1YnN5c3Rl
bSB1bmF2YWlsYWJsZSZsdDsvaDEmZ3Q7Jmx0O2RpdiBjbGFzcz0mcXVvdDtsaW5lJnF1b3Q7Jmd0
OyZsdDsvZGl2Jmd0OyZsdDtwJmd0OyZsdDtiJmd0O3R5cGUmbHQ7L2ImZ3Q7IEV4Y2VwdGlvbiBy
ZXBvcnQmbHQ7L3AmZ3Q7Jmx0O3AmZ3Q7Jmx0O2ImZ3Q7bWVzc2FnZSZsdDsvYiZndDsgJmx0O3Um
Z3Q7U3Vic3lzdGVtIHVuYXZhaWxhYmxlJmx0Oy91Jmd0OyZsdDsvcCZndDsmbHQ7cCZndDsmbHQ7
YiZndDtkZXNjcmlwdGlvbiZsdDsvYiZndDsgJmx0O3UmZ3Q7VGhlIHNlcnZlciBlbmNvdW50ZXJl
ZCBhbiBpbnRlcm5hbCBlcnJvciB0aGF0IHByZXZlbnRlZCBpdCBmcm9tIGZ1bGZpbGxpbmcgdGhp
cyByZXF1ZXN0LiZsdDsvdSZndDsmbHQ7L3AmZ3Q7Jmx0O3AmZ3Q7Jmx0O2ImZ3Q7ZXhjZXB0aW9u
Jmx0Oy9iJmd0OyZsdDsvcCZndDsmbHQ7cHJlJmd0O2phdmF4LndzLnJzLlNlcnZpY2VVbmF2YWls
YWJsZUV4Y2VwdGlvbjogU3Vic3lzdGVtIHVuYXZhaWxhYmxlXG5cdGNvbS5uZXRzY2FwZS5jbXMu
dG9tY2F0LlByb3h5UmVhbG0uZmluZFNlY3VyaXR5Q29uc3RyYWludHMoUHJveHlSZWFsbS5qYXZh
OjEzOClcblx0b3JnLmFwYWNoZS5jYXRhbGluYS5hdXRoZW50aWNhdG9yLkF1dGhlbnRpY2F0b3JC
YXNlLmludm9rZShBdXRoZW50aWNhdG9yQmFzZS5qYXZhOjQ5OClcblx0b3JnLmFwYWNoZS5jYXRh
bGluYS52YWx2ZXMuRXJyb3JSZXBvcnRWYWx2ZS5pbnZva2UoRXJyb3JSZXBvcnRWYWx2ZS5qYXZh
Ojc5KVxuXHRvcmcuYXBhY2hlLmNhdGFsaW5hLnZhbHZlcy5BYnN0cmFjdEFjY2Vzc0xvZ1ZhbHZl
Lmludm9rZShBYnN0cmFjdEFjY2Vzc0xvZ1ZhbHZlLmphdmE6NjIwKVxuXHRvcmcuYXBhY2hlLmNh
dGFsaW5hLmNvbm5lY3Rvci5Db3lvdGVBZGFwdGVyLnNlcnZpY2UoQ295b3RlQWRhcHRlci5qYXZh
OjUwMilcblx0b3JnLmFwYWNoZS5jb3lvdGUuaHR0cDExLkFic3RyYWN0SHR0cDExUHJvY2Vzc29y
LnByb2Nlc3MoQWJzdHJhY3RIdHRwMTFQcm9jZXNzb3IuamF2YToxMTMyKVxuXHRvcmcuYXBhY2hl
LmNveW90ZS5BYnN0cmFjdFByb3RvY29sJEFic3RyYWN0Q29ubmVjdGlvbkhhbmRsZXIucHJvY2Vz
cyhBYnN0cmFjdFByb3RvY29sLmphdmE6Njg0KVxuXHRvcmcuYXBhY2hlLnRvbWNhdC51dGlsLm5l
dC5KSW9FbmRwb2ludCRTb2NrZXRQcm9jZXNzb3IucnVuKEpJb0VuZHBvaW50LmphdmE6MjgzKVxu
XHRqYXZhLnV0aWwuY29uY3VycmVudC5UaHJlYWRQb29sRXhlY3V0b3IucnVuV29ya2VyKFRocmVh
ZFBvb2xFeGVjdXRvci5qYXZhOjExNDkpXG5cdGphdmEudXRpbC5jb25jdXJyZW50LlRocmVhZFBv
b2xFeGVjdXRvciRXb3JrZXIucnVuKFRocmVhZFBvb2xFeGVjdXRvci5qYXZhOjYyNClcblx0b3Jn
LmFwYWNoZS50b21jYXQudXRpbC50aHJlYWRzLlRhc2tUaHJlYWQkV3JhcHBpbmdSdW5uYWJsZS5y
dW4oVGFza1RocmVhZC5qYXZhOjYxKVxuXHRqYXZhLmxhbmcuVGhyZWFkLnJ1bihUaHJlYWQuamF2
YTo3NDgpXG4mbHQ7L3ByZSZndDsmbHQ7cCZndDsmbHQ7YiZndDtub3RlJmx0Oy9iJmd0OyAmbHQ7
dSZndDtUaGUgZnVsbCBzdGFjayB0cmFjZSBvZiB0aGUgcm9vdCBjYXVzZSBpcyBhdmFpbGFibGUg
aW4gdGhlIEFwYWNoZSBUb21jYXQvOC4wLjQ2IChVYnVudHUpIGxvZ3MuJmx0Oy91Jmd0OyZsdDsv
cCZndDsmbHQ7aHIgY2xhc3M9JnF1b3Q7bGluZSZxdW90OyZndDsmbHQ7aDMmZ3Q7QXBhY2hlIFRv
bWNhdC84LjAuNDYgKFVidW50dSkmbHQ7L2gzJmd0OyZsdDsvYm9keSZndDsmbHQ7L2h0bWwmZ3Q7
JiMzOTs8L2Rpdj48ZGl2PjIwMTctMTEtMTVUMTM6MDU6NTlaIEVSUk9SIElQQSBzZXJ2ZXIgdXBn
cmFkZSBmYWlsZWQ6IEluc3BlY3QgL3Zhci9sb2cvaXBhdXBncmFkZS5sb2cgYW5kIHJ1biBjb21t
YW5kIGlwYS1zZXJ2ZXItdXBncmFkZSBtYW51YWxseS48L2Rpdj48ZGl2PjIwMTctMTEtMTVUMTM6
MDU6NTlaIERFQlVHwqAgwqBGaWxlICZxdW90Oy91c3IvbGliL3B5dGhvbjIuNy9kaXN0LXBhY2th
Z2VzL2lwYXB5dGhvbi9hZG1pbnRvb2wucHkmcXVvdDssIGxpbmUgMTcyLCBpbiBleGVjdXRlPC9k
aXY+PGRpdj7CoCDCoCByZXR1cm5fdmFsdWUgPSBzZWxmLnJ1bigpPC9kaXY+PGRpdj7CoCBGaWxl
ICZxdW90Oy91c3IvbGliL3B5dGhvbjIuNy9kaXN0LXBhY2thZ2VzL2lwYXNlcnZlci9pbnN0YWxs
L2lwYV9zZXJ2ZXJfdXBncmFkZS5weSZxdW90OywgbGluZSA0NiwgaW4gcnVuPC9kaXY+PGRpdj7C
oCDCoCBzZXJ2ZXIudXBncmFkZSgpPC9kaXY+PGRpdj7CoCBGaWxlICZxdW90Oy91c3IvbGliL3B5
dGhvbjIuNy9kaXN0LXBhY2thZ2VzL2lwYXNlcnZlci9pbnN0YWxsL3NlcnZlci91cGdyYWRlLnB5
JnF1b3Q7LCBsaW5lIDE4NzgsIGluIHVwZ3JhZGU8L2Rpdj48ZGl2PsKgIMKgIHVwZ3JhZGVfY29u
ZmlndXJhdGlvbigpPC9kaXY+PGRpdj7CoCBGaWxlICZxdW90Oy91c3IvbGliL3B5dGhvbjIuNy9k
aXN0LXBhY2thZ2VzL2lwYXNlcnZlci9pbnN0YWxsL3NlcnZlci91cGdyYWRlLnB5JnF1b3Q7LCBs
aW5lIDE3OTcsIGluIHVwZ3JhZGVfY29uZmlndXJhdGlvbjwvZGl2PjxkaXY+wqAgwqAgY2FfZW5h
YmxlX2xkYXBfcHJvZmlsZV9zdWJzeXN0ZW0oY2EpPC9kaXY+PGRpdj7CoCBGaWxlICZxdW90Oy91
c3IvbGliL3B5dGhvbjIuNy9kaXN0LXBhY2thZ2VzL2lwYXNlcnZlci9pbnN0YWxsL3NlcnZlci91
cGdyYWRlLnB5JnF1b3Q7LCBsaW5lIDM0NywgaW4gY2FfZW5hYmxlX2xkYXBfcHJvZmlsZV9zdWJz
eXN0ZW08L2Rpdj48ZGl2PsKgIMKgIGNhaW5zdGFuY2UubWlncmF0ZV9wcm9maWxlc190b19sZGFw
KCk8L2Rpdj48ZGl2PsKgIEZpbGUgJnF1b3Q7L3Vzci9saWIvcHl0aG9uMi43L2Rpc3QtcGFja2Fn
ZXMvaXBhc2VydmVyL2luc3RhbGwvY2FpbnN0YW5jZS5weSZxdW90OywgbGluZSAxOTgxLCBpbiBt
aWdyYXRlX3Byb2ZpbGVzX3RvX2xkYXA8L2Rpdj48ZGl2PsKgIMKgIF9jcmVhdGVfZG9ndGFnX3By
b2ZpbGUocHJvZmlsZV9pZCwgcHJvZmlsZV9kYXRhLCBvdmVyd3JpdGU9RmFsc2UpPC9kaXY+PGRp
dj7CoCBGaWxlICZxdW90Oy91c3IvbGliL3B5dGhvbjIuNy9kaXN0LXBhY2thZ2VzL2lwYXNlcnZl
ci9pbnN0YWxsL2NhaW5zdGFuY2UucHkmcXVvdDssIGxpbmUgMTk4NywgaW4gX2NyZWF0ZV9kb2d0
YWdfcHJvZmlsZTwvZGl2PjxkaXY+wqAgwqAgd2l0aCBhcGkuQmFja2VuZC5yYV9jZXJ0cHJvZmls
ZSBhcyBwcm9maWxlX2FwaTo8L2Rpdj48ZGl2PsKgIEZpbGUgJnF1b3Q7L3Vzci9saWIvcHl0aG9u
Mi43L2Rpc3QtcGFja2FnZXMvaXBhc2VydmVyL3BsdWdpbnMvZG9ndGFnLnB5JnF1b3Q7LCBsaW5l
IDEyOTQsIGluIF9fZW50ZXJfXzwvZGl2PjxkaXY+wqAgwqAgcmFpc2UgZXJyb3JzLlJlbW90ZVJl
dHJpZXZlRXJyb3IocmVhc29uPV8oJiMzOTtGYWlsZWQgdG8gYXV0aGVudGljYXRlIHRvIENBIFJF
U1QgQVBJJiMzOTspKTwvZGl2PjxkaXY+PGJyPjwvZGl2PjxkaXY+MjAxNy0xMS0xNVQxMzowNTo1
OVogREVCVUcgVGhlIGlwYS1zZXJ2ZXItdXBncmFkZSBjb21tYW5kIGZhaWxlZCwgZXhjZXB0aW9u
OiBSZW1vdGVSZXRyaWV2ZUVycm9yOiBGYWlsZWQgdG8gYXV0aGVudGljYXRlIHRvIENBIFJFU1Qg
QVBJPC9kaXY+PGRpdj4yMDE3LTExLTE1VDEzOjA1OjU5WiBFUlJPUiBVbmV4cGVjdGVkIGVycm9y
IC0gc2VlIC92YXIvbG9nL2lwYXVwZ3JhZGUubG9nIGZvciBkZXRhaWxzOjwvZGl2PjxkaXY+UmVt
b3RlUmV0cmlldmVFcnJvcjogRmFpbGVkIHRvIGF1dGhlbnRpY2F0ZSB0byBDQSBSRVNUIEFQSTwv
ZGl2PjxkaXY+PGJyPjwvZGl2PjwvZGl2PgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fXzxicj4KRnJlZUlQQS11c2VycyBtYWlsaW5nIGxpc3QgLS0gPGEgaHJl
Zj0ibWFpbHRvOmZyZWVpcGEtdXNlcnNAbGlzdHMuZmVkb3JhaG9zdGVkLm9yZyIgdGFyZ2V0PSJf
YmxhbmsiPmZyZWVpcGEtdXNlcnNAbGlzdHMuZmVkb3JhaG9zdGVkLm9yZzwvYT48YnI+ClRvIHVu
c3Vic2NyaWJlIHNlbmQgYW4gZW1haWwgdG8gPGEgaHJlZj0ibWFpbHRvOmZyZWVpcGEtdXNlcnMt
bGVhdmVAbGlzdHMuZmVkb3JhaG9zdGVkLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPmZyZWVpcGEtdXNl
cnMtbGVhdmVAbGlzdHMuZmVkb3JhaG9zdGVkLm9yZzwvYT48YnI+CjwvYmxvY2txdW90ZT48L2Rp
dj4K

--===============2778987390319519219==--