pax_global_header�����������������������������������������������������������������������������������0000666�0000000�0000000�00000000064�13227265140�0014514�g����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������52 comment=ec6c7763f40eb6944a807a41e49cd199182a9fcb
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/����������������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13227265140�0012444�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/.gitignore������������������������������������������������������������������������������0000664�0000000�0000000�00000001200�13227265140�0014425�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Ignore these pythonisms
__pycache__/
*.pyc
# Vim backup file
*.swp
log/
var/
dnspython-tests/
/zone_tool~*
# Ignore when py-magcode-core symlinked in for work
magcode
# Passwords can be found in here - we don't woant to commit them!
etc/dms.conf
etc/rsync-slave-password
# Apache config
etc/vhost-dms-freebsd
# Don't archive python build directory
build
# Stuff in debian we should not worry about
/debian/dms-core/
/debian/dms-dr/
/debian/dms-wsgi/
/debian/dms/
/debian/tmp/
/debian/*.debhelper*
/debian/*.substvars
/debian/files
/debian/debhelper-build-stamp
# Sphinx doc files to ignore
doc/_build/
# Ignore python dist directory
dist
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/.gitmodules�����������������������������������������������������������������������������0000664�0000000�0000000�00000000000�13227265140�0014607�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/COPYING���������������������������������������������������������������������������������0000664�0000000�0000000�00000104513�13227265140�0013503�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc.
Copyright (C)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see Copyright (C)
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
.
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/INSTALL���������������������������������������������������������������������������������0000664�0000000�0000000�00000000641�13227265140�0013476�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������To Install:
See the PDF doc/DMS-090713-1002-38.pdf, 'Master Server
Install from Source Repository at the bottom of the index in the technical
section. The contents of this PDF is being entered intoa new Website for
the project.
Note: dms depends on py-magcode-core up at
https://github.com/grantma/py-magcode-core.git
Matthew Grant Sun, 14 Jul 2013 21:20:59 +1200
�����������������������������������������������������������������������������������������������dms-1.0.8.1/Makefile��������������������������������������������������������������������������������0000664�0000000�0000000�00000030712�13227265140�0014107�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env make
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see Sun, 14 Jul 2013 21:18:00 +1200
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/debian/���������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13227265140�0013666�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/debian/README.Debian��������������������������������������������������������������������0000664�0000000�0000000�00000126673�13227265140�0015746�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������DNS Management System
---------------------
The DNS Management System (DMS) is designed to have a master/replica master
setup. It is a complex setup, requiring the hand configuration of database, DNS
server, and other components.
Single Master Server
--------------------
If your setup does not require one of the
components such as quagga, dms-wsgi, or etckeeper, just skip that section.
Just install dms-core
apt-get install --install-recommends --install-suggested dms-core
At least install reccomends above, as this will pull in IPSEC to protect the
connections between the master and slave servers. This is fair more secure
than relying on MD5 HMAC for tamper proofing.
DNS Topology
------------
The description below will set up a Master DR setup with hidden master DNS.
Other topogies are possible, which are useful for smaller environments. You
can run without DR, and the Master server can also be 'unhidden' on the
Internet itself. Just take what you need from below.
A PDF of the Wiki for DMS for when it was internal to Net24 is available up at
http://mattgrant.net.nz/software/dms
It is advisable to get this and read it, as it will explain a lot of how this
all functions.
There is a wiki documentation area to be set up, keep an eye on
http://mattgrant.net.nz/software/dms
for news of this.
vim
---
Create the file /etc/vim/vimrc.local and add the following to it to enable DNS
syntax highlighting etc:
-----
"Turn on syntax highlighting for DNS etc
filetype plugin indent on
syntax on
-----
Repeat on DR master server as well.
less
----
Set the follwoing environment variable in /etc/profile, or /etc/bashrc
LESS=-MMRi
This will display the colorized output produced by colordiff
Repeat on DR master server as well.
etckeeper and ssh
-----------------
etckeeper is a tool to keep the contents of /etc in a git VCS. When combined
with ssh and the appropriate git remote setup with cron, it allows the /etc of
the other machine in the master/replica DR pair to be kept on its alternate,
and vice-versa.
The following is a safeguard against Murphies law (ie Back hoe fade, backups
required at disconnected data centre or offline storage 2 days away). My own
experience is my witness. This protects aginst the /etc on the master being
updated, the replica being missed, and then finding that things aren't working
on the replica when the master dies , with no record of the updates needed to
machine configuration.
For information on etckeeper usage, see /usr/share/doc/etckeeper/README.gz
Example for diffing/checking out /etc/racoon/racoon-tool.conf from other
machine:
dms-master1:/etc# git diff dms-master2/master racoon/racoon-tool.conf
dms-master1:/etc# git checkout dms-master2/master racoon/racoon-tool.conf
dms-master1:/etc# git checkout HEAD racoon/racoon-tool.conf
1) etckeeper installation. Before installing etckeeper, you need to add a
.gitignore to /etc to prevent /etc/shadow and other secrets files from ending
up in etckeeper for security reasons. The contents of the seed /etc/.gitignore
file is:
-----
# Ignore these files for security reasons
krb5.keytab
shadow
shadow-
racoon/psk.txt
ipsec.secrets
ssl/
ssh/moduli
ssh/ssh_host_*
-----
You probably have to purge etckeeper removing the initial /etc git archive if
you are reading this, create the .gitignore file, and reinstall etckeeper:
# dpkg --purge etckeeper
# vi /etc/.gitignore
# aptitude install etckeeper
Now would be a good time to install dms on both Master and Replica
# apt-get install --install-recommends --install-suggested dms
as this will install scripts needed for ssh configuration following.
1) Set up ssh. As root on both boxes, turn off the following settings in
sshd_config:
RSAAuthentication no
PubkeyAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication no
GSSAPIAuthentication no
X11Forwarding no
UsePAM no
Then add the following to /etc/ssh/sshd_config, and adjust your network
and administrative sshd authentication settings:
-----
UsePAM no
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
AllowGroups sudo root
# Section for DMS master/replica servers
Match Address 2001:db8:f012:2::3/128,2001:db8:ba69::3/128
PubkeyAuthentication yes
# PermitRootLogin forced-commands-only
# The above only works with commands given in authorized_keys
PermitRootLogin without-password
ForceCommand /usr/sbin/etckeeper_git_shell
# Section for administrative access
Match Address 2001:db8:ba69::/48,192.0.2.0/24,201.0.113.2/32
PermitRootLogin yes
GSSAPIAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 10
X11Forwarding yes
AllowTcpForwarding yes
AllowAgentForwarding yes
-----
Reload sshd on both servers:
# service ssh reload
Create a passwordless ssh key on both servers as root, and copy the public
part of the key to /root/.ssh/authorized_keys.
# mkdir /root/.ssh
# ssh-keygen -f /root/.ssh/id_gitserve_rsa -t rsa -q -N ''
# vi /root/.ssh/config
and set contents of ssh config as follows, changing Host as appropriate:
-----
Host dms3-dr*
IdentityFile ~/.ssh/id_gitserve_rsa
-----
It is also a good idea to set up a /etc/hosts file entries on each server.
Set up /root/.ssh/authorized_keys:
-----
# mkdir /root/.ssh
# cat - > /root/.ssh/authorized_keys
-----
Cut and paste /root/.ssh/id_gitserve_rsa.pub from other machine into above,
finishing with ^D. Then do vice-versa, to make the other direction
functional.
Check that things work on both hosts:
# ssh -l root dms-master2
Rejected
Connection to dms-master2 closed.
etc.
Note: Stopping ssh and running sshd from the commandline '/usr/sbin/sshd -d' on
one, and then using 'ssh -vl root' on the other (and vice versa) is very useful
for connection debugging.
2) Git remote set up to pair up /etc archives.
As root do:
dms-master1# git remote add dms-master2 ssh://dms-master2.someorg.net/etc
and vice versa
Check that both work by executing:
dms-master1:/etc# git fetch --quiet dms-master2
and vice versa
3) Set up crond.
Edit the file /etc/cron.d/dms-core, uncomment the line for git fetch, and set
the remote name:
-----
# Replicate etckeeper archive every 4 hours
7 */4 * * * root cd /etc && /usr/bin/git fetch --quiet dms-master2
-----
Do test each cron command by running it from the root command line.
IPSEC set up
------------
The DMS system uses IPSEC to authenticate server access to the master servers,
encrypting and/or integrity protecting the outgoing zone transfers, rndc and
configuration rsync traffic.
Each server has IPSEC configured and active to both the replica servers (master and DR). The master and replica have IPSEC configured as well. Both
replica servers and 2 slaves should be PSK keyed with each other if DNSSEC
authentication is to be used for the majority of slaves. This ensures that the
DNSSEC CERT records can be progated for use.
Make SURE each individual IPSEC connection has a unique PSK key for security.
They can be generated easily, and cut/paste over terminal root session, so no
big loss if they are lost. Just make sure you have 'out-of-band' access via ssh.
Read through the Strongswan section as it has some useful tips on PSK
generation and other matters.
Sysctl IPSEC settings
---------------------
To prevent network problems with running out of buffers, create the file
/etc/sysctl.d/30-dms-core-net.conf with the following contents:
----
# Tune kernel for heavy IPSEC DNS work.
# Up the max connection buffers
net.core.somaxconn=8192
net.core.netdev_max_backlog=8192
# Reduce TCP final timeout
net.ipv4.tcp_fin_timeout=10
# Increase size of xfrm tables
net.ipv6.xfrm6_gc_thresh=16384
net.ipv4.xfrm4_gc_thresh=16384
----
and then reload sysctls with
# service procps start
Strongswan IPSEC set up
-----------------------
This is only covering basic PSK set up. If X509 needed see the
Strongswan wiki:
http://wiki.strongswan.org/projects/strongswan/wiki/UserDocumentation
The same PSK has to be at each end of the IPSEC 'connection'.
Generate PSK key with openssl:
# openssl rand -hex 64
and place in /etc/ipsec.secrets:
-----
2001:db8:345:678:2::beef : PSK 0xe788749d48c0a020bc26b15685ad7ea1630c090072acf3f1eeac14dfec90bd4c1ff86fbf82b219cb5c309c3c6ede2d072784823a69271eccce166421317be006
-----
Note format, "IPv6/IPv4/DNS-type-id : PSK 0xdaedbefdeadbeef" ...
Racoon also takes hex strings as PSK, just add the '0x' to the random number.
Sha1 and sha256 only use 64 bytes (512 bits) for the key. sha384 and better
128 bytes. Making the strings longer does not make sense, and can result in
some wacky behaviour with strongswan!
Set up /etc/ipsec.conf at each end:
-----
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
mobike=no
installpolicy=yes
conn dms-master2
authby=secret
right=2001:db8:f012:2::2
rightid=dms-master2.someorg.net
left=2001:db8:f012:2::3
leftid=dms-master1.someorg.net
type=transport
#ah=sha256-modp2048,sha1-modp1024
auto=route
-----
and vice versa. Note use of id statements. It saves having to bury IP numbers
in more than one place.
"auto=route" sets up SPD (use ip xfrm policy to inspect), and when dynamically
bring up the connection when needed.
AH (authentication header) can be turned on by defining AH protocol at each
end. This is useful inside DMZ or back end networks, and allows the traffic to
be inpected by a decent filtering firewall.
Reload ipsec by:
-----
dms-master1 # ipsec reload
dms-master1 # ipsec rereadsecrets
dms4-master # ipsec reload
dms4-master # ipsec rereadsecrets
Enter a separate PSK in /etc/ipsec.secrets for each IPSEC connection.
Useful ipsec commands are:
# ipsec status
# ipsec statusall
# ip xfrm policy
# ip xfrm state
# ipsec up
# ipsec down
# ipsec reload
# ipsec rereadsecrets
# ipsec restart.
Test the connection by pinging the far end - tests unencrypted reachability,
and then telnet/netcat the different TCP ports used across the link. This
will involve ports 873 (rsync), 953 (rndc/named), 53 (named) to each slave,
and port 53 on the masters (from slave). Between both the replica servers
(master and DR), port 5432 (postgresql) has to be reachable, as well as port 22
(ssh). Port 80 (http) for apt-get updates may also be involved.
Racoon IPSEC set up
-------------------
An alternative to Strongswan is to use racoon. This might be a better solution
if you are working with a lot of NetBSD or FreeBSD based systems.
This is only covering basic PSK set up. For X509 etc, see
/usr/share/doc/racoon/README.Debian
On each machine, dpkg-reconfigure racoon, and choose the "racoon-tool"
configuration method. Edit /etc/racoon/racoon-tool.conf, and add the machines
source IP address:
-----
connection(%default):
src_ip: 192.168.102.2
admin_status: disabled
-----
Add the other replica server and each DNS as a separate configuration fragment
in /etc/racoon/racoon-tool.conf.d, named after the machine's short hostname:
-----
peer(192.168.102.2):
connection(dms-master2-eth1):
dst_ip: 192.168.102.2
# defaults to esp
# encap: ah
admin_status: enabled
-----
For the replica servers, if you want to inspect/control traffic select ah IPSEC
encapsulation. Note, racoon-tool sets up a transport mode IPSEC connection if
no src_range/dst_range parameters are given.
For Racoon-tool only, transport mode used to not encrypt ICMP traffic, as that
can complicate UDP/TCP connection issues extensively. This will be changed
very shortly to conventionally encrypting IPSEC to be compatible with other
IPSEC solutions.
Also enter a separate PSK in /etc/racoon/psk.txt for each IPSEC connection.
Useful racoon-tool commands are:
# racoon-tool vlist
# racoon-tool spddump
# racoon-tool saddump
# racoon-tool vup
# racoon-tool vdown
# racoon-tool reload
# racoon-tool restart.
Test the connection by pinging the far end - tests unencrypted reachability,
and then telnet/netcat the different TCP ports used across the link. This
will involve ports 873 (rsync), 953 (rndc/named), 53 (named) to each slave,
and port 53 on the masters (from slave). Between both the replica servers
(master and DR), port 5432 (postgresql) has to be reachable, as well as port 22
(ssh). Port 80 (http) for apt-get updates may also be involved.
Firewalling on IPSEC links to Master Servers
--------------------------------------------
The Master servers need protection on the IPSEC connections from the slave
servers, and each other as the SPD does not have any sense fo connection
direction, and it ispossble to connect to all the services on the Master
Servers.
The netscript-ipfilter package can save the iptables/ip6tables filters that
you create.
Use the policy match module to match decrypted traffic coming from the IPSEC
connection
An example ip6tables output:
shalom-ext: -root- [/tmp/zones]
# ip6tables -vnL INPUT
Chain INPUT (policy ACCEPT 472K packets, 134M bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all * * fd14:828:ba69:2::3 ::/0 reject-with icmp6-port-unreachable
157K 20M ipsec-in all * * ::/0 ::/0 policy match dir in pol ipsec
shalom-ext: -root- [/tmp/zones]
# ip6tables -vnL ipsec-in
Chain ipsec-in (1 references)
pkts bytes target prot opt in out source destination
138K 16M ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT udp * * ::/0 ::/0 udp spt:500 dpt:500
0 0 icmphost icmpv6 * * ::/0 ::/0
198 18580 ACCEPT udp * * ::/0 ::/0 ctstate NEW udp dpt:53
17474 3629K ACCEPT udp * * ::/0 ::/0 ctstate NEW udp dpt:514
118 9440 ACCEPT tcp * * ::/0 ::/0 ctstate NEW tcp dpt:53
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:953
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:5432
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:5433
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:873
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:22
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 ctstate NEW tcp dpt:113
0 0 ACCEPT tcp * * 2001:470:f012:2::3 ::/0 tcp dpt:80 ctstate NEW
0 0 tcp * * 2001:470:f012:2::3 ::/0 tcp dpt:80 ctstate NEW
0 0 ACCEPT tcp * * fd14:828:ba69:1:21c:f0ff:fefa:f3c0 ::/0 ctstate NEW tcp dpt:80
128 10240 ACCEPT tcp * * fd14:828:ba69:1:21c:f0ff:fefa:f3c0 ::/0 ctstate NEW tcp dpt:22
0 0 ACCEPT tcp * * 2001:470:c:110e::2 ::/0 ctstate NEW tcp dpt:80
0 0 ACCEPT tcp * * 2001:470:66:23::2 ::/0 ctstate NEW tcp dpt:80
607 43704 log all * * ::/0 ::/0
shalom-ext: -root- [/tmp/zones]
The icmphost and log chains are created by using 'netscript ip6filter exec log'
and 'netscript ip6filter exec icmphost'. IPv6 helper chains created from RFC
4890 - 'Recommendations for Filtering ICMPv6 Messages in Firewalls'
Read /etc/netscript/network.conf, and the manpage netscript
The useful commands are:
netscript ipfilter/ip6filter reload netscript ipfilter/ip6filter save netscript
ipfilter/ip6filter exec icmphost (create an incoming ICMP filter for host
traffic) netscript ipfilter/ip6filter usebackup
PostgresQL DB Setup and Master/Replica Configuration
----------------------------------------------------
DB user and DB creation only has to happen on the initial master server, as it
will be 'mirrored' to the replica once DB replication is established. The
replica server will configured to run in 'hot-standby' mode so that we can
verify mirroring by read-only means using zone_tool.
Though the master and replica can run the PGSQL dms cluster on port 5433 or
other port, it is reccommended to swap the ports with the main cluster, and
revert the main cluster to manual start up.
Edit postgresql.conf /etc/postgresql/9.3/main and /etc/postgresql/9.3/dms,
and swap the settings for 'port =', making dms port 5432.
Edit /etc/postgresql/9.3/main/start.conf, and set it to manual.
Stop posgresql, and start it, (restart will probably result in failure due to a
port clash...):
# pg_ctlcluster 9.3 main stop
# service postgresql stop
# service postgresql start
Use etckeeper to migrate the configuration to the replica:
dms-master1:/etc# etckeeper commit
dms-master2:/etc# git fetch dms-master1
dms-master2:/etc/# git checkout dms-master1/master postgresql/9.3/main postgresql/9.3/dms
dms-master2:/etc# pg_ctlcluster 9.3 main stop
dms-master2:/etc# service postgresql stop
dms-master2:/etc# service postgresql start
On the master, set the DB passwords for the dms user and the ruser (they will
be copied to the replica when mirroring is started):
root@dms-master1:/home/grantma# pwgen -acn 16 10 (to pick your password)
root@dms-master1:/home/grantma# psql -U pgsql dms
psql (9.3.3)
Type "help" for help.
dms=# \password ruser
Enter new password:
Enter it again:
dms=# \password dms
Enter new password:
Enter it again:
dms=# \q
Note: The pgsql database super user exists for cross OS/distro compatibility
reasons.
Record the 2 passwords you have just set for reference. Put the ruser password
in /etc/dms/pgpassfile on both machines, updating the hostnames part of the
entry as well, which is in the standard PGSQL format (see section 31.14 in
"PostgreSQL 9.3.3 Documentation").
NB: You will have to alter the machine name and password. Use vi or vim as root to prevent permissions and ownership alteration.
Also edit /etc/dms/dms.conf, and set the dms db_password for zone_tool on
both machines as zone_tool uses password access unless user is in pg_ident.conf
Connecting Replica and Starting Replication
-------------------------------------------
On the master, and replica, set the replication address in pg_hba.conf:
dms-master1:/root# dms_admindb -r dms-master2.someorg.net
dms-master2:/root# dms_admindb -r dms-master1.someorg.net
Set up PGSQL recovery.conf, and start replica DB:
dms-master2:/root# service postgresql stop
dms-master2:/root# dms_pg_basebackup dms-master1.someorg.net
dms-master2:/root# dms_write_recovery_conf dms-master1.someorg.net
dms-master2:/root# service postgresql start
Note: The above is seeing DB replica functionality from the default DB as
master
Edit /etc/dms/dr-settings.sh, and update DR_PARTNER to the name of the opposite
server in the DR pair.
Check that replication is running by seeing if zone_tool can access default
configuration settings:
dms-master2:/root# zone_tool show_config
root@dms-master2:/home/grantma# zone_tool show_config
auto_dnssec: false
default_ref: someorg
default_sg: someorg-one
default_stype: bind9
edit_lock: false
event_max_age: 120.0
inc_updates: false
nsec3: false
soa_expire: 7d
soa_minimum: 24h
soa_mname: ns1.someorg.net. (someorg-one)
soa_refresh: 7200
soa_retry: 7200
soa_rname: soa.someorg.net.
syslog_max_age: 120.0
use_apex_ns: true
zi_max_age: 90.0
zi_max_num: 25
zone_del_age: 0.0
zone_del_pare_age: 90.0
zone_ttl: 24h
Master/Replica rsyncd setup
---------------------------
Both the machines will have to rsync from one another, depending on which is
running as the DR replica. So we are setting up rsync client passwords, and
rsyncd configuration on one, and using the same settings on the other
machine.
Add the following to /etc/rsyncd.conf
-----
hosts allow = 2001:db8:f012:2::2/128 2001:db8:f012:2::3/128
secrets file = /etc/rsyncd.secrets
[dnsconf]
path = /var/lib/dms/rsync-config
uid=bind
gid=bind
comment = Slave server config area
auth users = dnsconf
use chroot = yes
read only = no
[dnssec]
path = /var/lib/bind/keys
uid=bind
gid=dmsdmd
comment = DNSSEC key data area
auth users = dnssec
use chroot = yes
read only = no
-----
adjusting IP addresses as needed. And also set up the /etc/rsyncd.secrets file:
-----
dnsconf:SuperSecret
dnssec:PlainlyNotSecret
-----
making it only readable by root:
# chown root:root /etc/rsyncd.secrets
# chmod 600 /etc/rsyncd.secrets
and set the passwords /etc/dms/rsync-dnssec-password and
/etc/dms/rsync-dnsconf-password using vi to preserve permissions.
and enable the rsyncd daemon in /etc/default/rsync, and start the service.
# service rsync start
Use etckeeper to mirror the config to the replica:
dms-master1:/etc# etckeeper commit
dms-master2:/etc# git fetch dms-master1
dms-master2:/etc/# git checkout dms-master1/master rsyncd.secrets rsyncd.conf /etc/default/rsync dms/rsync-dnsconf-password dms/rsync-dnssec-password
dms-master2:/etc/# chmod 600 /etc/rsyncd.secrets
And start rsyncd on the replica as well.
Check that you can connect to the rsync port on one from the other machine,
and vice-versa.
root@dms-master2:/home/grantma# telnet dms-master1 rsync
Trying 192.168.101.2...
Connected to dms-master1.someorg.net.
Escape character is '^]'.
@RSYNCD: 30.0
^]c
telnet> c
Connection closed.
root@dms-master2:/home/grantma#
Lets create the master sg, and disabled replica servers (DMS master and DR),
and check that the DR slave named config can be rsynced.
dms-master1:/etc/# zone_tool
zone_tool > create_sg -p someorg-master /etc/dms/server-config-templates 2001:db8:f012:2::2 2001:db8:f012:2::3
zone_tool > create_server -g someorg-master dms-master2 2001:db8:f012:2::2
zone_tool > create_server -g someorg-master dms-master1 2001:db8:f012:2::3
zone_tool > rsync_server_admin_config dms-master2 no_rndc
zone_tool >
dms-master2:/etc/# zone_tool
zone_tool > rsync_server_admin_config dms-master1 no_rndc
zone_tool >
Look in /var/log/syslog on the rsyncd server to debug issues.
Setting up rsyslog on Master and Replica
----------------------------------------
On the master, create the file /etc/rsyslog.d/00network.conf with the contents:
-----
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
#$AllowedSender UDP, [2001:db8:c:110e::2]
#$AllowedSender TCP, [2001:db8:c:110e::2]
#$AllowedSender UDP, [2001:db8:66:23::2]
#$AllowedSender TCP, [2001:db8:66:23::2]
#$AllowedSender UDP, [2001:db8:ba69:1:21c:f0ff:fefa:f3c0]
#$AllowedSender TCP, [2001:db8:ba69:1:21c:f0ff:fefa:f3c0]
-----
All replica and slave DNS servers will have to be entered into this file.
Also alter the file /etc/rsyslog.d/pgsql and change the contents to:
-----
### Configuration file for rsyslog-pgsql
### Changes are preserved
$ModLoad ompgsql
local7.* /var/log/local7.log
local7.* :ompgsql:/var/run/postgresql,dms,rsyslog,
-----
Do the same for the replica, apart from the following:
IMPORTANT: On the Replica, comment out the last local7.* line. Don't change
the contents of that line, as the administration scripts go searching for
exactly that line. Replica file is as follows:
-----
### Configuration file for rsyslog-pgsql
### Changes are preserved
$ModLoad ompgsql
local7.* /var/log/local7.log
#local7.* :ompgsql:/var/run/postgresql,dms,rsyslog,
-----
The default configuration propagated to the DMS servers uses local7 as the
named logging facility.
Setting initial DR settings on both machines
--------------------------------------------
On both machines, edit /etc/dms/dr-settings.sh, and set DR_PARTNER to the name
of the opposite machine.
dms-master1# vi /etc/dms/dr-settings.sh
# Settings file for dr-scripts and Net24 PG database scripts
# DR Partner server host name
# ie default dms_start_as_replica master
# This is the exact DNS/host name which you have to replicate from
DR_PARTNER="dms4-d4-dr.someorg.net
.
.
.
The rest of the file is for type of DR fail over - by IP on a loop back
interface and/or routing, or by a failover domain in the DNS. We will set this
up later.
Setting up Bind9 master DNS server
----------------------------------
Create all the required TSIG rndc and dynamic DNS update keys, and generate
required /etc/bind/rndc.conf:
(If any of these commands stall, VM/machine does not have enough entropy. Make
sure haveged is installed and running.)
root@dms-master1:/etc/dms/bind# zone_tool generate_tsig_key -f update-ddns hmac-sha256 update-session.key
root@dms-master1:/etc/dms/bind# zone_tool generate_tsig_key -f rndc-key hmac-md5 rndc-local.key
root@dms-master1:/etc/dms/bind# zone_tool generate_tsig_key -f remote-key hmac-md5 rndc-remote.key
root@dms-master1:/etc/dms/bind# zone_tool write_rndc_conf -f
root@dms-master1:/etc/dms/bind# cp -a rndc-remote.key /etc/dms/server-admin-config/bind9
root@dms-master1:/etc/dms/bind# cp rndc-remote.key /var/lib/dms/rsync-config
Add the /etc/dms/bind/named.conf to /etc/default/bind9, and add a line to get
rid of the default rndc.key to stop rndc complaining:
-----
# Get rid of default bind9 rndc.key, that debian install scripts always
# generate Stops rndc complaining:
rm -f /etc/bind/rndc.key
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -c /etc/dms/bind/named.conf"
-----
Create /etc/bind/rndc.conf, to include the following:
-----
# include rndc configuration generated by DMS zone_tool
include "/var/lib/dms/rndc/rndc.conf";
-----
Restart named to make sure all is good:
root@dms-master1:/etc/bind# service bind9 stop
root@dms-master1:/etc/bind# service bind9 start
root@dms-master1:/etc/bind# rndc status
version: 9.9.5-2-Debian
CPUs found: 1
worker threads: 1
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
Enable dmsdmd, the dynamic DNS update and DMS event daemon by editing
/etc/default/dmsdmd, setting DMSDMD_ENABLE=true, and start it:
root@dms-master1:/etc# vi /etc/default/dmsdmd
root@dms-master1:/etc# service dmsdmd start
[ ok ] Starting dmsdmd: dmsdmd.
root@dms-master1:/etc# service dmsdmd status
[ ok ] dmsdmd is running.
Enable the master server so that the server SM can monitor named on the
machine (briefly, this server twitters to itself):
root@dms-master1:/etc# zone_tool enable_server dms-master1
This means that when dmsdmd is started, it will set up an index in the Master
SM in the DB to the Master server in the ServerSM table (important for keeping
track of where the master is for human output and ServerSM functionality - uses
machines actual network addresses cf. master_address and master_alt_address in
replica SG)
And make sure you can create a domain:
root@dms-master1:/etc/dms/bind# zone_tool create_zone foo.bar.org
root@dms-master1:/etc/dms/bind# zone_tool show_zone foo.bar.org
$TTL 24h
$ORIGIN foo.bar.org.
;
; Zone: foo.bar.org.
; Reference: someorg
; zi_id: 1
; ctime: Mon Jul 2 11:30:26 2012
; mtime: Mon Jul 2 11:31:03 2012
; ptime: Mon Jul 2 11:31:03 2012
;
;| Apex resource records for foo.bar.org.
;!REF:someorg
@ IN SOA ( ns1.someorg.net. ;Master NS
soa.someorg.net. ;RP email
2012070200 ;Serial yyyymmddnn
7200 ;Refresh
7200 ;Retry
604800 ;Expire
86400 ;Minimum/Ncache
)
IN NS ns2.someorg.net.
IN NS ns1.someorg.net.
root@dms-master1:/etc/dms/bind# zone_tool show_zonesm foo.bar.org
name: foo.bar.org.
alt_sg_name: None
auto_dnssec: False
ctime: Mon Jul 2 11:30:26 2012
deleted_start: None
edit_lock: False
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
mtime: Mon Jul 2 11:30:26 2012
nsec3: False
reference: someorg
soa_serial: 2012070200
sg_name: someorg-one
state: PUBLISHED
use_apex_ns: True
zi_candidate_id: 1
zi_id: 1
zone_id: 1
zone_type: DynDNSZoneSM
zi_id: 1
ctime: Mon Jul 2 11:30:26 2012
mtime: Mon Jul 2 11:31:03 2012
ptime: Mon Jul 2 11:31:03 2012
soa_expire: 7d
soa_minimum: 24h
soa_mname: ns1.someorg.net.
soa_refresh: 7200
soa_retry: 7200
soa_rname: soa.someorg.net.
soa_serial: 2012070200
soa_ttl: None
zone_id: 1
zone_ttl: 24h
root@dms-master1:/etc/dms/bind# dig -t AXFR +noall +answer foo.bar.org @localhost
foo.bar.org. 86400 IN SOA ns1.someorg.net. soa.someorg.net. 2012070200 7200 7200 604800 86400
foo.bar.org. 86400 IN NS ns1.someorg.net.
foo.bar.org. 86400 IN NS ns2.someorg.net.
foo.bar.org. 86400 IN SOA ns1.someorg.net. soa.someorg.net. 2012070200 7200 7200 604800 86400
root@dms-master1:/etc/dms/bind# zone_tool delete_zone foo.bar.org
Reflect the bind and dms directories to the DR via etckeeper:
root@dms-master1:/etc# etckeeper commit
root@dms-master2:/etc# git fetch dms-master1
root@dms-master2:/etc# git checkout dms-master1/master dms/bind
root@dms-master2:/etc# git checkout dms-master1/master bind
root@dms-master2:/etc# git checkout dms-master1/master default/bind9
Setting UP DR bind9 slave server on Replica
-------------------------------------------
Edit /etc/dms/server-admin-config/bind9/controls.conf and add each masters IP
address to the uncommented inet allow line. IPv4 address will have to be
prefixed with '::ffff:' as by default Linux binds v6 sockets to IPv4.
Rsync the admin config from the master to the DR replica, not doing any rndc
reconfig:
root@dms-master1:/etc# zone_tool rsync_server_admin_config dms-master2 no_rndc
Copy the /etc/dms/server-admin-config/bind9 directory to
/var/lib/dms/rsync-config
root@dms-master1:/etc# cp -a /etc/dms/server-admin-config/bind9/* /var/lib/dms/rsync-config
root@dms-master1:/etc# chown bind:bind /var/lib/dms/rsync-config/*
Reflect the bind directory to the DR via etckeeper:
root@dms-master1:/etc# etckeeper commit
root@dms-master2:/etc# git fetch dms-master1
root@dms-master2:/etc# git checkout dms-master1/master dms/server-admin-config
To apply permissions on master to replica:
root@dms-master2:/etc# git checkout dms-master1/master .etckeeper
root@dms-master2:/etc# etckeeper init
root@dms-master2:/etc# etckeeper commit
Create rndc.conf include needed to start bind.
root@dms-master2:/etc# zone_tool write_rndc_conf
On the replica, Edit /etc/default/bind9, adding '-c
/etc/bind/named-dr-replica.conf' to OPTIONS, and restart named.
root@dms-master2:/etc# service bind9 restart
On the master, enable the DR replica server in the replica SG:
root@dms-master1:/etc# zone_tool enable_server dms-master2
Check by switching between master and replica:
root@dms-master1:/etc# dms_master_down
root@dms-master2:/etc/# dms_promote_replica
root@dms-master1:/etc# dms_start_as_replica dms-master2.someorg.net
Wait for synchronisation to be shown 15 - 20 minutes:
root@dms-master2:/etc# zone_tool show_replica_sg -v
sg_name: someorg-master
config_dir: /etc/dms/server-config-templates
master_address: 192.168.101.2
master_alt_address: 192.168.102.2
replica_sg: True
sg_id: 2
zone_count: 0
Slave Servers:
dms-master2 192.168.102.2
OK
dms-master1 192.168.101.2
OK
and switch back as above.
Importing Zones to DMS system
-----------------------------
Set the default settings shown in zone_tool show_config on the DMS master.
root@dms-master1:/etc# zone_tool show_config
root@dms-master1:/etc# zone_tool set_config soa_mname ns1.foo.bar.net
root@dms-master1:/etc# zone_tool set_config soa_rname soa.foo.bar.net
root@dms-master1:/etc# zone_tool set_config default_sg foo-bar-net
root@dms-master1:/etc# zone_tool set_config default_ref FOO-BAR-NET
root@dms-master1:/etc# zone_tool show_apex_ns
root@dms-master1:/etc# zone_tool edit_apex_ns
Create the default sg
root@dms-master1:/etc# zone_tool create_sg someorg-one
Aside: Apex ns records can be created and edited for each server group. By
default, the apex_ns records for the default SG are used. Use:
zone_tool> show_apex_ns some-sg
zone_tool> edit_apex_ns some-sg
to create and edit the apex NS server names.
Create all required reverse zone on the master, setting the zone_tool
create_zone inc_updates flag argument so that auto reverse zone records can be
created and managed.
root@dms-master1:/etc# zone_tool create_zone 2001:2e8:2012::/32 inc_updates
Import all the zones. First of all, load the apex zone which contains the
ns1/ns2 records with no_use_apex_ns, then load all the rest. Its an idea to
have a look at the edit_lock flag at the same time for those top zone(s). Note
that zone_tool load_zones requires all files to be named by full domain name.
root@dms-master1:/some/dir/with/zone/files# zone_tool load_zone foo.bar.net foo.bar.net no_use_apex_ns edit_lock
root@dms-master1:/some/dir/with/zone/files# zone_tool load_zones *
Setting up failover domain
--------------------------
This is the easiest way to repoint the Web UIs at the correct master server.
Anothe alternative is to use a loop back interface with a floating IP address,
and propagation via routing or simply by being on the ethernet segment. At the
moment the itnerface method requires the installation of netscript-2.4 instead
of ifupdown.
1. Create a failover domain
This needs to be updateable by incremental updates
---
zone_tool > create_zone failover.somorg.net inc_updates
---
2. Edit /etc/dms/dr-settings.sh, enable DMSDRDNS, set DMS_FAILOVER_DOMAIN,
the DMS_WSGI_LABEL (DNS host that 'floats' to where master is), and the TTL
----
# zone_tool update_rrs settings, for WSGI DNS name
# Uses a CNAME based template.
# Following is a flag to turn it on or off
DMSDRDNS=true
# If not defined or empty, the following is set to the hostname
DMS_MASTER=""
DMS_FAILOVER_DOMAIN="failover.someorg.net."
DMS_WSGI_LABEL="dms-server"
DMS_WSGI_TTL="30s"
DMS_UPDATE_RRS_TEMPLATE='
$ORIGIN @@DMS_FAILOVER_DOMAIN@@
$UPDATE_TYPE wsgi-failover
;!RROP:UPDATE_RRTYPE
@@DMS_WSGI_LABEL@@ @@DMS_WSGI_TTL@@ IN CNAME @@DMS_MASTER@@
'
----
3. Repeat 2. on DR server
4. Fail over system back and forth to establish DNS records and test
dms-master1 # dms_master_down
dms-master2 # dms_promote_replica
dms-master1 # dms_start_as_replica
.
.
.
and reverse:
.
.
.
dms-master2 # dms_master_down
dms-master1 # dms_promote_replica
dms-master2 # dms_start_as_replica
And you should be good to go, with a DMS WSGI server name of
"dms-server.failover.someorg.net."
Setting up WSGI on apache
-------------------------
Enable WSGI in /etc/dms/dr-settings.sh on both machines by editing file.
Include the /etc/dms/dms-wsgi-apache.conf fragment into the file
/etc/apache2/sites-available/default-ssl
Set the apache log level to info, delete the cgi-bin section, and set up the
SSL certificates.
Create the htpasswd file /etc/dms/htpasswd-dms, and set the passwords for
admin-dms, helpdesk-dms, value-reseller-dms, hosted-dms WSGI users.
Also don't forget to:
dms-master1 # cd /etc/dms
dms-master1 # chown root:www-data htpasswd-dms
dms-master1 # chmod 640 htpasswd-dms
Use a2ensite and a2dissite to enable the SSL default site
# a2dissite default
# a2ensite default-ssl
Reload apache2
# service apache2 reload
Reflect configuration as above to DR partner server
Check that it functions by using curl on the master server:
# cd /tmp
# cp -a /usr/share/doc/dms-core/examples/wsgi-json-testing .
# cd wsgi-json-testing
Edit json-test.sh so that it works for you, re URLs and user/password.
test4.jsonrpc uses list_zone, so try that first to check WSGI is live.
# ./json-test.sh test4
It is helpful to edit curl command to include --insecure if you are using a
self-signed SSL cert
It may take a while before anything shows up if you have imported tens of
thousands of zone. Full error information will be shown in the configured
apache error log /var/log/apache2/error.log. You can also try some of the
other example tests as well after editing them for the current setup.
Edit the WSGI configuration in /etc/dms to your liking. See documentation for
more details.
Mirror apache2 config to other DR partner server.
dms-master1 # etckeeper commit
dms-master2 # cd /etc
dms-master2 # git fetch dms-master1
dms-master2 # git checkout dms-master1/master apache2 dms/htpasswd-dms \
dms/dms-wsgi-apache.conf dms/wsgi-scripts
Fix permissions:
dms-master2 # git checkout dms-master1/master .etckeeper
dms-master2 # etckeeper init
dms-master2 # etckeeper commit
NOTE: Also try some of the readonly tests on the other DR partner server to
make sure WSGI is functional there. You will have to fail over to do this.
=================================
Setting up a Slave DNS Server
=================================
Based on Debian Wheezy.
Has 2 connections back to DMS DR partner servers. You can leave one
server out for racoon if only running one single DMS master server.
To prevent installation of recommended packages add the following to
/etc/apt/apt.conf.d/00local.conf:
----
// No point in installing a lot of fat on VM servers
APT::Install-Recommends "0";
APT::Install-Suggests "0";
----
Install these packages:
----
# aptitude install bind9 strongswan rsync cron-apt bind9-host dnsutils \
screen psmisc procps tree sysstat lsof telnet-ssl apache2-utils ntp
----
IPSEC
-----
See section above on IPSEC for how to do this.
Rsync
-----
1. Edit /etc/default/rsync, and enable rsyncd
2. Create /etc/rsyncd.conf:
----
hosts allow = 2001:db8:f012:2::2/128 2001:db8:f012:2::3/128
secrets file = /etc/rsyncd.secrets
[dnsconf]
path = /srv/dms/rsync-config
uid=bind
gid=bind
comment = Slave server config area
auth users = dnsconf
use chroot = yes
read only = no
----
3. Create /etc/rsyncd.secrets
----
dnsconf:SuperSecretRsyncSlavePasswoord
----
4. Do this at the shell to create target /srv/dms/rsync-config directory:
----
# mkdir -p /srv/dms/rsync-config
# chown bind:bind /srv/dms/rsync-config
----
5. And named slave directory
----
# mkdir /var/cache/bind/slave
# chown root:bind /var/cache/bind/slave
# chmod 775 /var/cache/bind/slave
----
6. Start rsyncd
Edit /etc/default/rsync to enable daemon
----
# service rsync start
----
7. Test connectivity from DMS Masters
----
dms-master1# telnet new-slave domain
dms-master1# telnet new-slave rsync
dms-master2# telnet new-slave domain
dms-master2# telnet new-slave rsync
Test by rsyncing config to slave - needed for configuring bind9
zone_tool> create_server new-slave-name ip-address
zone_tool> rsync_server_admin_config new-slave-name no_rndc
----
Bind9
-----
Change /etc/bind/named.conf.options to the following:
----
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addressesm replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// dnssec-validation auto;
// auth-nxdomain no; # conform to RFC1035
listen-on { localhost; };
listen-on-v6 { any; };
include "/srv/dms/rsync-config/options.conf";
};
----
Note that the listen directives are given in file, Debian options commented
out, as they are set in the rsynced include at the bottom.
Change /etc/bind/named.conf.local to the following:
----
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// rndc config
include "/etc/bind/rndc.key";
include "/srv/dms/rsync-config/rndc-remote.key";
include "/srv/dms/rsync-config/controls.conf";
// Logging configuration
include "/srv/dms/rsync-config/logging.conf";
// Secondary zones
include "/srv/dms/rsync-config/bind9.conf";
----
This file is used to include all the required bits from the
/srv/dms/rsync-config directory. All this configuration can now be updated
from the master server, and the slave reconfigured – but watch it when you go
changing the rndc keys.
Restart bind9
----
# touch /srv/dms/rsync-config/bind9.conf
# chown bind:bind /srv/dms/rsync-config/bind9.conf
# service bind9 restart
----
and check /var/log/syslog for any errors.
Check that on the master servers that zone_tool rsync_server_admin_config
works, by default will rndc the slave
----
dms-master1# zone_tool write_rndc_conf
dms-master1# zone_tool rsync_server_admin_config new-slave
dms-master2# zone_tool write_rndc_conf
dms-master2# zone_tool rsync_server_admin_config new-slave
----
Enable Server
-------------
On the live DMS master, enable the slave, and watch that it changes state to
OK. This may take 15-20 minutes
NOTE: a reconfig_sg may be needed to initial seed zone config files on master.
These files are autmatically created/updated if a new domain is added to the
server group.
----
dms-master-live# zone_tool
zone_tool > enable_server
zone_tool > reconfig_sg someorg-one .
.
.
zone_tool > ls_pending_events
ServerSMCheckServer dms-master2 Fri Mar 14 11:28:55 2014
ServerSMConfigure dms-slave1 Fri Mar 14 11:31:35 2014
ServerSMCheckServer dms-master1 Fri Mar 14 11:28:54 2014
.
.
.
zone_tool > show_sg someorg-one
sg_name: someorg-one
config_dir: /etc/dms/server-config-templates
master_address: None
master_alt_address: None
replica_sg: False
zone_count: 4
DNS server status:
dms-slave1 fd14:828:ba69:7::18
OK
zone_tool >
----
-- Matt Grant Fri, 07 Mar 2014 14:50:58 +1300
���������������������������������������������������������������������dms-1.0.8.1/dms-test-sm�����������������������������������������������������������������������������0000775�0000000�0000000�00000002150�13227265140�0014545�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python3.2
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see [dns-server]"
COMMAND_DESCRIPTION = "Edit or manipulate a domain directly via dynamic DNS"
settings['config_section'] = 'DEFAULT'
class NoSOASerialUpdateCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='n',
long_arg='no-serial',
help_text="Don't update SOA serial no",
settings_key = 'no_serial',
settings_default_value = False,
settings_set_value = True)
class WrapSOASerialCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='r',
long_arg='wrap-serial',
help_text="Wrap SOA serial no",
settings_key = 'wrap_serial',
settings_default_value = False,
settings_set_value = True)
class UpdateSOASerialCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='u',
long_arg='update-serial',
help_text="Just update SOA serial normally",
settings_key = 'update_serial',
settings_default_value = False,
settings_set_value = True)
class ForceUpdateCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='f',
long_arg='force-update',
help_text="Force update if file unchanged",
settings_key = 'force_update',
settings_default_value = False,
settings_set_value = True)
class ClearDnskeyCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='y',
long_arg='clear-dnskey',
help_text="Delete apex DNSKEY RRs",
settings_key = 'clear_dnskey',
settings_default_value = False,
settings_set_value = True)
class ClearNsec3CmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='k',
long_arg='clear-nsec3',
help_text="Delete NSEC3PARAM RR",
settings_key = 'clear_nsec3',
settings_default_value = False,
settings_set_value = True)
class Nsec3SeedCmdLineArg(BooleanCmdLineArg):
"""
Process verbose command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='s',
long_arg='nsec3-seed',
help_text="Create NSEC3PARAM RR",
settings_key = 'nsec3_seed',
settings_default_value = False,
settings_set_value = True)
class PortCmdLineArg(BaseCmdLineArg):
"""
Handle configuration file setting
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='p:',
long_arg="port=",
help_text="set DNS server port")
def process_arg(self, process, value, *args, **kwargs):
"""
Set configuration file name
"""
settings['dns_port'] = value
class DynDNSTool(Process):
"""
Process Main Daemon class
"""
def __init__(self, *args, **kwargs):
Process.__init__(self, usage_message=USAGE_MESSAGE,
command_description=COMMAND_DESCRIPTION, *args, **kwargs)
self.cmdline_arg_list.append(NoSOASerialUpdateCmdLineArg())
self.cmdline_arg_list.append(WrapSOASerialCmdLineArg())
self.cmdline_arg_list.append(UpdateSOASerialCmdLineArg())
self.cmdline_arg_list.append(ForceUpdateCmdLineArg())
self.cmdline_arg_list.append(Nsec3SeedCmdLineArg())
self.cmdline_arg_list.append(ClearNsec3CmdLineArg())
self.cmdline_arg_list.append(ClearDnskeyCmdLineArg())
self.cmdline_arg_list.append(PortCmdLineArg())
def parse_argv_left(self, argv_left):
"""
Handle any arguments left after processing all switches
Override in application if needed.
"""
if (len(argv_left) != 1 and len(argv_left) != 2):
self.usage_short()
sys.exit(os.EX_USAGE)
self.argv_left = argv_left
self.zone_name = argv_left[0]
if not re.match('^[\S\.]+$', self.zone_name):
self.usage_short()
sys.exit(os.EX_USAGE)
if (not self.zone_name.endswith('.')):
self.zone_name += '.'
if (len(argv_left) ==2):
if not re.match('^[\S\.]+$', argv_left[1]):
self.usage_short()
sys.exit(os.EX_USAGE)
settings['dns_server'] = argv_left[1]
def _get_editor(self):
"""
Work out the users preference of editor, and return that
"""
editor = os.getenvb(b'VISUAL')
if (editor):
return editor
editor = os.getenvb(b'EDITOR')
if (editor):
return editor
editor = b'/usr/bin/sensible-editor'
if os.path.isfile(editor):
return editor
editor = b'/usr/bin/editor'
if os.path.isfile(editor):
return editor
# Fall back if none of the above is around...
return b'/usr/bin/vi'
def main_process(self):
"""Main process editzone
"""
def clean_up():
if (tmp_file):
os.unlink(tmp_file)
tmp_file = ''
# Get update session object
error_str = ''
try:
update_session = DynDNSUpdate(settings['dns_server'],
settings['dyndns_key_file'],
settings['dyndns_key_name'],
)
except (socket.error, DynDNSCantReadKeyError, IOError) as exc:
error_str = str(exc)
# Process above error...
if (error_str):
log_error("%s" % error_str)
sys.exit(os.EX_NOHOST)
# Do AXFR to obtain current zone data
msg = None
try:
(zone, dnskey_flag, nesc3param_flag) \
= update_session.read_zone(self.zone_name)
except NoSuchZoneOnServerError as exc:
msg = str(exc)
if msg:
log_error(msg)
sys.exit(os.EX_NOINPUT)
# Only edit zone if not wrapping SOA serial number
if (not settings['wrap_serial'] and not settings['update_serial']
and not settings['nsec3_seed'] and not settings['clear_nsec3']
and not settings['clear_dnskey']):
# Write zone out to a temporary file
(fd, tmp_file) = tempfile.mkstemp(prefix=settings['process_name'] + '-',
suffix='.zone')
os.close(fd)
zone.to_file(tmp_file)
# Edit zone data
old_stat = os.stat(tmp_file)
editor = self._get_editor()
try:
output = check_call([editor, tmp_file])
except CalledProcessError as exc:
log_error("editor exited with '%s'." % exc.returncode)
sys.exit(os.EX_SOFTWARE)
new_stat = os.stat(tmp_file)
if (not settings['force_update']
and old_stat[stat.ST_MTIME] == new_stat[stat.ST_MTIME]
and old_stat[stat.ST_SIZE] == new_stat[stat.ST_SIZE]
and old_stat[stat.ST_INO] == new_stat[stat.ST_INO]):
log_info("File '%s' unchanged after editing - exiting." % tmp_file)
clean_up()
sys.exit(os.EX_OK)
# Read in file and form zi structure
zone = dns.zone.from_file(tmp_file, self.zone_name)
# At the moment these values are just for the sake of it.
zi = ZoneInstance(soa_refresh='5m', soa_retry='5m', soa_expire='7d', soa_minimum='600')
for rdata in zone.iterate_rdatas():
zi.add_rr(dnspython_to_rr(rdata))
# Update Zone in DNS
rcode, msg, soa_serial, *stuff = update_session.update_zone(
self.zone_name, zi,
force_soa_serial_update=not(settings['no_serial']),
wrap_serial_next_time=settings['wrap_serial'],
nsec3_seed=settings['nsec3_seed'],
clear_nsec3=settings['clear_nsec3'],
clear_dnskey=settings['clear_dnskey']
)
if rcode == RCODE_NOCHANGE:
log_info(msg)
sys.exit(os.EX_OK)
# Delete temporary file
clean_up()
if rcode == RCODE_ERROR:
log_warning(msg)
sys.exit(os.EX_TEMPFAIL)
elif rcode == RCODE_RESET:
log_error(msg)
sys.exit(os.EX_IOERR)
elif rcode == RCODE_FATAL:
log_error(msg)
sys.exit(os.EX_IOERR)
# Everything good - Lets GO!
if (settings['verbose']):
log_info(msg)
else:
log_debug(msg)
sys.exit(os.EX_OK)
if (__name__ is "__main__"):
exit_code = DynDNSTool(sys.argv, len(sys.argv))
sys.exit(exit_code)
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/dms/app/zone_tool.py��������������������������������������������������������������������0000664�0000000�0000000�00000716632�13227265140�0016410�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python3.2
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see "
COMMAND_DESCRIPTION = "Edit a domain in the DMS"
# Internal globals to program
engine = None
db_session = None
switch_dict = {}
# Command line processing functions
class DoHelp(Exception):
"""
Argument processing exception - no match
"""
class DoNothing(Exception):
"""
Argument check error, go back to command line
"""
# Argument parsing functions used in ZoneToolCmd class below
# Global module namspace as it makes code below a lot tidier
ERROR_PREFIX = '*** '
ERROR_INDENT = ' '
OUTPUT_INDENT = ' '
_stdout = None
error_msg_wrapper = TextWrapper(initial_indent = ERROR_PREFIX,
subsequent_indent = ERROR_INDENT)
result_msg_wrapper = TextWrapper(initial_indent = ERROR_INDENT,
subsequent_indent = ERROR_INDENT)
output_msg_wrapper = TextWrapper(initial_indent = OUTPUT_INDENT + ' ',
subsequent_indent = OUTPUT_INDENT + ' ')
def ln2strs(arg):
"""
Splits arg into arguments, and returns tuple of args
"""
return tuple(map(str, shlex.split(arg)))
def arg_domain_name_text(domain_name, **kwargs):
"""
Process a
"""
# Check routines also over in dms.dns if this needs to be changed
if not re.match(DOMN_CHRREGEXP, domain_name):
print(error_msg_wrapper.fill(" can in some cases be a valid IP address or networ/mask, or if a domain contain the characters '-a-zA-Z0-9.'"), file=_stdout)
return None
if not domain_name.endswith(DOMN_LBLSEP):
domain_name += DOMN_LBLSEP
if len(domain_name) > DOMN_MAXLEN:
print(ERROR_PREFIX + " is %s long, must be <= %s."
% (len(domain_name), DOMN_MAXLEN), file=_stdout)
return None
labels = domain_name.split(DOMN_LBLSEP)
if labels[-1] != '':
print(error_msg_wrapper.fill("'%s' is no the root domain."
% labels[-1]), file=_stdout)
return None
for lbl in labels[:-1]:
# Skip 'root' zone
if not lbl:
print(error_msg_wrapper.fill(
" '%s' cannot have empty labels."
% domain_name.lower()), file=_stdout)
return None
if len(lbl) > DOMN_LBLLEN:
print(error_msg_wrapper.fill(
' - label longer than %s characters'
% DOMN_LBLLEN),
file=_stdout)
return None
if not label_re.search(lbl):
print(error_msg_wrapper.fill(
" - invalid label '%s'" % lbl), file=_stdout)
return None
if lbl[0] == '-' or lbl[-1] == '-':
print(error_msg_wrapper.fill(
" - invalid label '%s'" % lbl), file=_stdout)
return None
return {'name': domain_name.lower()}
def arg_domain_name_net(domain_name, **kwargs):
"""
Process a Handles Ip addresses, nets, and text
"""
# Check routines also over in dms.dns if this needs to be changed
# See if it has a netmask
if domain_name.find('/') < 0:
return arg_domain_name_text(domain_name, **kwargs)
# Split to mask and network
try:
(network, mask) = domain_name.split('/')
except ValueError:
print(error_msg_wrapper.fill(
"For a network, only one '/' can be given"), file=_stdout)
return None
try:
mask = int(mask)
except ValueError:
print(error_msg_wrapper.fill(
"network mask must be a valid decimal number."), file=_stdout)
return None
# Determine network family
if network.find(':') >= 0 and network.find('.') < 0:
try:
socket.inet_pton(socket.AF_INET6, network)
if mask not in range(4, 65, 4):
print(error_msg_wrapper.fill(
"IPv6 network mask must be a multiple of 4 between 4 and 64"),
file=_stdout)
return None
return {'name': domain_name.lower()}
except socket.error:
pass
elif network.isdigit() or network.find('.') >= 0 and network.find(':') < 0:
try:
network = network[:-1] if network.endswith('.') else network
num_bytes = len(network.split('.'))
if num_bytes < 4:
network += (4 - num_bytes) * '.0'
socket.inet_pton(socket.AF_INET, network)
if mask not in (8, 16, 24):
print(error_msg_wrapper.fill(
"IPv4 network mask must be 8, 16, or 24"), file=_stdout)
return None
return {'name': domain_name.lower()}
except socket.error:
pass
print(error_msg_wrapper.fill("network/mask - invalid network '%s' given."
% domain_name),
file=_stdout)
return None
def arg_domain_name(domain_name, **kwargs):
"""
Process a Handles IP addresses, nets, and text
"""
# Check routines also over in dms.dns if this needs to be changed
# Check for network addresses
try:
socket.inet_pton(socket.AF_INET, domain_name)
return {'name': domain_name.lower()}
except socket.error:
pass
try:
socket.inet_pton(socket.AF_INET6, domain_name)
return {'name': domain_name.lower()}
except socket.error:
pass
return arg_domain_name_net(domain_name, **kwargs)
def arg_domain1_name(domain1_name, **kwargs):
"""
Process a Handles IP addresses, nets and text
"""
result = arg_domain_name(domain1_name, **kwargs)
if not result:
return None
return {'domain1_name': result['name']}
def arg_domain2_name(domain2_name, **kwargs):
"""
Process a Handles IP addresses, nets and text
"""
result = arg_domain_name(domain2_name, **kwargs)
if not result:
return None
return {'domain2_name': result['name']}
def arg_src_domain_name(src_domain_name, **kwargs):
"""
Process a Handles IP addresses, nets and text
"""
result = arg_domain_name(src_domain_name, **kwargs)
if not result:
return None
return {'src_name': result['name']}
def arg_key_name(key_name, **kwargs):
"""
Process a TSIG key name
"""
result = arg_domain_name_text(key_name, **kwargs)
if result:
return {'key_name': result['name']}
return None
def arg_label(label, **kwargs):
"""
Process a
"""
if not re.match(r'^[\-_a-zA-Z0-9\.\?\*@]+$', label):
print(ERROR_PREFIX + " can only contain characters '-_a-zA-Z0-9.?*@'", file=_stdout)
return None
if len(label) > 255:
print(ERROR_PREFIX + " is %s long, must be <= 255."
% len(label), file=_stdout)
return None
return {'label': label.lower()}
def arg_rr_type(type_, **kwargs):
"""
Process an rr_type argument
"""
types = type_.split()
out = []
for t in types:
if not re.match(r'^[_a-zA-Z0-9]+$', t):
print(ERROR_PREFIX + " can only contain characters '_a-zA-Z0-9'", file=_stdout)
return None
if len(t) > 20:
print(ERROR_PREFIX + " '%s' is %s long, must be <= 20."
% (t, len(t)), file=_stdout)
return None
out.append(t.lower())
return {'type': out}
def arg_rdata(rdata, **kwargs):
"""
Process an rdata argument
"""
if not re.match(r'^[\-\._a-zA-Z0-9 \t]+$', rdata):
print(ERROR_PREFIX + " can only contain characters '-._a-zA-Z0-9' \t", file=_stdout)
return None
return {'rdata': rdata}
def arg_sectag_label(sectag_label, **kwargs):
"""
Process a
"""
if not re.match(r'^[\-_a-zA-Z0-9\.]+$', sectag_label):
print(ERROR_PREFIX + " can only contain characters '-_a-zA-Z0-9.'", file=_stdout)
return None
if not re.match(r'^[0-9a-zA-Z][\-_a-zA-Z0-9\.]*$', sectag_label):
print(ERROR_PREFIX + " must start with 'a-zA-Z0-9'", file=_stdout)
return None
if len(sectag_label) > 60:
print(ERROR_PREFIX + " is %s long, must be <= 60."
% len(sectag_label), file=_stdout)
return None
return {'sectag_label': sectag_label}
def _arg_zi_id(zi_id, arg_type, arg_str, **kwargs):
"""
Process a
"""
if zi_id == '*':
zi_id = '0'
# zi_id checks done futher in in ZoneEngine._resolv_zi_id
return {arg_type: zi_id}
def arg_zi_id(zi_id, **kwargs):
"""
Process a
"""
return _arg_zi_id(zi_id, 'zi_id', 'zi-id', **kwargs)
def arg_zi1_id(zi1_id, **kwargs):
"""
Process a
"""
return _arg_zi_id(zi1_id, 'zi1_id', 'zi1-id', **kwargs)
def arg_zi2_id(zi2_id, **kwargs):
"""
Process a
"""
return _arg_zi_id(zi2_id, 'zi2_id', 'zi2-id', **kwargs)
def arg_zone_id(zone_id, **kwargs):
"""
Process a
"""
try:
zone_id = int(zone_id)
except ValueError:
print(ERROR_PREFIX + " can only contain digits.",
file=_stdout)
return None
return {'zone_id': zone_id}
def arg_last_limit(last_limit, **kwargs):
"""
Process a
"""
try:
last_limit = int(last_limit)
except ValueError:
print(ERROR_PREFIX + " can only contain digits.",
file=_stdout)
return None
return {'last_limit': last_limit}
def arg_event_id(event_id, **kwargs):
"""
Process a
"""
try:
event_id = int(event_id)
except ValueError:
print(ERROR_PREFIX + " can only contain digits.",
file=_stdout)
return None
return {'event_id': event_id}
def arg_edit_lock_token(edit_lock_token, **kwargs):
"""
Process an
"""
try:
edit_lock_token = int(edit_lock_token)
except ValueError:
print(ERROR_PREFIX + " can only contain digits.",
file=_stdout)
return None
return {'edit_lock_token': edit_lock_token}
def arg_force(force, **kwargs):
"""
Process a 'force' argument
"""
if force.lower() != 'force':
print(ERROR_PREFIX + "'force' is the only option here.",
file=_stdout)
return None
return {'force': True}
def arg_zone_attribute(attribute, **kwargs):
"""
process zone flag
"""
attributes = ('use_apex_ns', 'edit_lock', 'auto_dnssec', 'nsec3',
'inc_updates')
if (attribute.lower() not in attributes):
print (ERROR_PREFIX + "Can only take one of: %s."
% str(attributes), file=_stdout)
return None
return {'attribute': attribute}
def arg_zone_option(zone_option, **kwargs):
"""
process a zone option
"""
zone_options = ('use_apex_ns', 'edit_lock', 'auto_dnssec', 'nsec3',
'inc_updates',
'no_use_apex_ns', 'no_edit_lock', 'no_auto_dnssec',
'no_nsec3', 'no_inc_updates',
'def_use_apex_ns', 'def_edit_lock', 'def_auto_dnssec',
'def_nsec3', 'def_inc_updates')
if (zone_option.lower() not in zone_options):
print (error_msg_wrapper.fill("Can only take one of: %s."
% str(zone_options)), file=_stdout)
return None
if zone_option.startswith('no_'):
return {zone_option[3:]: False}
elif zone_option.startswith('def_'):
key = zone_option[4:]
default = engine.get_config_default(key)
return {key: default}
else:
return {zone_option: True}
def arg_boolean(value, **kwargs):
"""
Deal with on/off/true/false/0/1
"""
table = {'on': True, 'off': False, 'true': True, 'false': False, '1': True,
'0': False, 'yes': True, 'no': False}
try:
return {'value': table[value.lower()]}
except KeyError:
print (error_msg_wrapper.fill(" can only be one of: on, off, true, false, 1, 0, yes, no."),
file=_stdout)
return None
def arg_config_dir(config_dir, **kwargs):
"""
Deal with a directory name
"""
if config_dir.lower() in ('none', 'default'):
return {'config_dir': None}
if not config_dir.startswith('/'):
print (error_msg_wrapper.fill(" '%s' must start with '/'."
% config_dir),
file=_stdout)
return None
if len(config_dir) > 1024:
print (error_msg_wrapper.fill(
" must less than 1025 characters long."), file=_stdout)
return None
return {'config_dir': config_dir}
def arg_file_name(file_name, **kwargs):
"""
Deal with a file name
"""
return {'file_name': file_name}
def arg_zone_ttl(zone_ttl, **kwargs):
"""
Handle a zone_ttl argument
"""
if len(zone_ttl) > 20:
print(ERROR_PREFIX + " is %s long, must be <= 20."
% len(zone_ttl), file=_stdout)
return None
if not re.match('^[0-9wdhms]+$', zone_ttl):
print(ERROR_PREFIX
+ " can only contain characters '0-9wdhms'",
file=_stdout)
return None
try:
dns.ttl.from_text(zone_ttl)
except dns.ttl.BadTTL as exc:
print(error_msg_wrapper.fill(" - %s" % str(exc)),
file=_stdout)
return None
return {'zone_ttl': zone_ttl}
def arg_config_key(key, **kwargs):
"""
Deal with set_config keys
"""
global config_keys
if key not in config_keys:
cfg_list = ', '.join(config_keys)
print (error_msg_wrapper.fill("Key '%s' must be one of %s'."
% (key, cfg_list)),
file=_stdout)
return None
return {'config_key': key}
def arg_config_value(value, **kwargs):
"""
Check out a value
"""
global _config_keys
args = kwargs['args']
index = kwargs['index']
# Check previous argument
if args[index-1] not in config_keys:
raise Exception("Something really is wrong here!")
prev_arg = args[index-1].lower()
if prev_arg in ('use_apex_ns', 'edit_lock', 'auto_dnssec', 'nsec3',
'inc_updates'):
result = arg_boolean(value)
if not result:
return None
return result
if prev_arg in ('default_sg',):
result = arg_sg_name(value)
if not result:
return None
return {'value': result['sg_name']}
if prev_arg in ('default_ref',):
result = arg_reference(value)
if not result:
return None
return {'value': result['reference']}
if prev_arg in ('default_stype',):
result = arg_server_type(value)
if not result:
return None
return {'value': result['server_type']}
if prev_arg in ('soa_mname', 'soa_rname'):
result = arg_domain_name_text(value)
if not result:
return None
return {'value': result['name']}
if prev_arg in ('zi_max_age', 'zone_del_age', 'zone_del_pare_age',
'event_max_age', 'syslog_max_age'):
result = arg_age_days(value)
if not result:
return None
return {'value': result['age_days']}
if prev_arg in ('zi_max_num',):
result = arg_zi_max_num(value)
if not result:
return None
return {'value': result['zi_max_num']}
if len(value) > 20:
print(ERROR_PREFIX + " is %s long, must be <= 20."
% len(value), file=_stdout)
return None
if not re.match('^[0-9wdhms]+$', value):
print(ERROR_PREFIX
+ " can only contain characters '0-9wdhms'",
file=_stdout)
return None
return {'value': value}
def arg_server_type(server_type, **kwargs):
"""
Process argument
"""
global server_types
if server_type not in server_types:
cfg_list = ', '.join(server_types)
print (error_msg_wrapper.fill(" '%s' must be one of %s'."
% (server_type, cfg_list)),
file=_stdout)
return None
return {'server_type': server_type}
def arg_address(address, **kwargs):
"""
Process an argument
"""
address = address.strip()
address_type = None
try:
address.index(':')
address_type = socket.AF_INET6
except ValueError:
pass
try:
address.index('.')
address_type = socket.AF_INET
except ValueError:
pass
if not address_type:
print(ERROR_PREFIX
+ " can only be a valid IPv4 or IPv6 address.",
file=_stdout)
return None
try:
socket.inet_pton(address_type, address)
except socket.error:
print(ERROR_PREFIX
+ " can only be a valid IPv4 or IPv6 address.",
file=_stdout)
return None
return {'address': address}
def arg_address_none(address, **kwargs):
"""
Process an addess argument that can also take the 'none' or 'default'
keywords, and return None
"""
if (address.lower() == 'none'
or address.lower() == 'def'
or address.lower() == 'default'):
return {'address': None}
return arg_address(address, **kwargs)
def arg_alt_address_none(alt_address, **kwargs):
"""
Process an alt-addess argument that can also take the 'none' or
'default' keywords, are return None
"""
result = arg_address_none(alt_address, **kwargs)
if not result:
return None
return {'alt_address': result['address']}
def arg_ssh_address_none(ssh_address, **kwargs):
"""
Process an ssh_address argument that can also take the 'none'
keyword, and return None
"""
if (ssh_address.lower() == 'none'):
return {'ssh_address': None}
result = arg_address(ssh_address, **kwargs)
if not result:
return None
return {'ssh_address': result['address']}
def arg_server_name(server_name, **kwargs):
"""
Process a
"""
if not re.match(r'^[\-\._a-zA-Z0-9]+$', server_name):
print(ERROR_PREFIX + " can only contain characters '.-_a-zA-Z0-9'", file=_stdout)
return None
if not re.match(r'^[0-9A-Za-z][\-\._a-zA-Z0-9]*$', server_name):
print(ERROR_PREFIX + " must start with 'a-zA-Z0-9'", file=_stdout)
return None
if len(server_name) > 255:
print(ERROR_PREFIX + " is %s long, must be <= 255."
% len(server_name), file=_stdout)
return None
return {'server_name': server_name}
def arg_new_server_name(new_server_name, **kwargs):
"""
Process a
"""
if not re.match(r'^[\-\._a-zA-Z0-9]+$', new_server_name):
print(ERROR_PREFIX + " can only contain characters '.-_a-zA-Z0-9'", file=_stdout)
return None
if not re.match(r'^[0-9A-Za-z][\-\._a-zA-Z0-9]*$', new_server_name):
print(ERROR_PREFIX + " must start with 'a-zA-Z0-9'", file=_stdout)
return None
if len(new_server_name) > 255:
print(ERROR_PREFIX + " is %s long, must be <= 255."
% len(new_server_name), file=_stdout)
return None
return {'new_server_name': new_server_name}
def arg_sg_name(sg_name, **kwargs):
"""
Process an
"""
if not re.match(r'^[\-_a-zA-Z0-9]+$', sg_name):
print(ERROR_PREFIX + " can only contain characters '-_a-zA-Z0-9'", file=_stdout)
return None
if not re.match(r'^[0-9a-zA-Z][\-_a-zA-Z0-9]*$', sg_name):
print(ERROR_PREFIX + " must start with 'a-zA-Z0-9'", file=_stdout)
return None
if len(sg_name) > 32:
print(ERROR_PREFIX + " is %s long, must be <= 32."
% len(sg_name), file=_stdout)
return None
return {'sg_name': sg_name}
def arg_sg_name_none(sg_name, **kwargs):
"""
Process an sg_name argument that can also take the 'none', 'no
keywords, and return None
"""
if (sg_name.lower() in ('none', 'no', 'off', 'false')):
return {'sg_name': None}
return arg_sg_name(sg_name, **kwargs)
def arg_new_sg_name(new_sg_name, **kwargs):
"""
Process a new_sg_name argument
"""
result = arg_sg_name(new_sg_name, **kwargs)
if not result:
return None
return {'new_sg_name': result['sg_name']}
def arg_reference(reference, **kwargs):
"""
Process a
"""
if not re.match(r'^[\-_a-zA-Z0-9.@]+$', reference):
print(ERROR_PREFIX + " can only contain characters '-_a-zA-Z0-9.@'", file=_stdout)
return None
if not re.match(r'^[0-9a-zA-Z][\-_a-zA-Z0-9.@]*$', reference):
print(ERROR_PREFIX + " must start with 'a-zA-Z0-9'",
file=_stdout)
return None
if len(reference) > 1024:
print(ERROR_PREFIX + " is %s long, must be <= 1024."
% len(reference), file=_stdout)
return None
return {'reference': reference}
def arg_dst_reference(dst_reference, **kwargs):
"""
Process a dst_reference
"""
result = arg_reference(dst_reference, **kwargs)
if not result:
return None
return {'dst_reference': result['reference']}
def arg_age_days(age_days, **kwargs):
"""
Process a
"""
try:
age_days = float(age_days)
except ValueError:
print(ERROR_PREFIX + " can only be a float.",
file=_stdout)
return None
if age_days < 0:
print(ERROR_PREFIX + " cannot be less than 0.", file=_stdout)
return None
return {'age_days': age_days}
def arg_soa_serial(soa_serial, **kwargs):
"""
Process a .
Range checking done further in.
"""
try:
soa_serial = int(soa_serial)
except ValueError:
print(ERROR_PREFIX + " can only be an integer.",
file=_stdout)
return None
return {'soa_serial': soa_serial}
def arg_zi_max_num(zi_max_num, **kwargs):
"""
Process a
"""
try:
zi_max_num = int(zi_max_num)
except ValueError:
print(ERROR_PREFIX + " can only contain digits.",
file=_stdout)
return None
if zi_max_num < 1:
print(ERROR_PREFIX + " cannot be less than 1.",
file=_stdout)
return None
return {'zi_max_num': zi_max_num}
def arg_hmac_type(hmac_type, **kwargs):
"""
Process an HMAC name
"""
if hmac_type not in tsig_key_algorithms:
hmac_list = ', '.join(tsig_key_algorithms)
print (error_msg_wrapper.fill("HMAC '%s' must be one of %s'."
% (hmac_type, hmac_list)),
file=_stdout)
return None
return {'hmac_type': hmac_type}
def arg_no_rndc(no_rndc, **kwargs):
"""
Process a no_rndc argument
"""
result = True
if no_rndc.lower() != 'no_rndc':
result = False
return {'no_rndc': result}
# Arguments processed by cmdline handler
# set these up same as commandline args below which set settings keys
short_args = "aofg:ijn:pr:tuvz:"
long_args = ["force", "use-origin-as-name", "server-group=", "sg=",
"reference=", "ref=", "verbose", "show-all", "show-active", "zone=",
"domain=", "zi=", "replica-sg", "inc-updates", "oping-servers",
'soa-serial-update']
def parse_getopt(args):
"""
Parse command line arguments and remove from list.
"""
global switch_dict
try:
opts, args_left = gnu_getopt(args, short_args, long_args)
except GetoptError:
raise DoHelp()
switch_dict = {}
# Process options
for o, a in opts:
if o in ('-f', '--force'):
switch_dict['force_cmd'] = True
elif o in ('-a', '--show-all'):
switch_dict['show_all'] = True
elif o in ('-t', '--show-active'):
switch_dict['show_active'] = True
elif o in ('-g', '--server-group', '--sg'):
result = arg_sg_name(a)
if not result:
raise DoNothing()
switch_dict.update(result)
elif o in ('-p', '--replica-sg'):
switch_dict['replica_sg_flag'] = True
elif o in ('-i', '--inc-updates'):
switch_dict['inc_updates_flag'] = True
elif o in ('-j', '--oping-servers'):
switch_dict['oping_servers_flag'] = True
elif o in ('-o', '--use-origin-as-name'):
switch_dict['use_origin_as_name'] = True
elif o in ('-v', '--verbose'):
switch_dict['verbose'] = True
elif o in ('-u', '--soa-serial-update'):
switch_dict['force_soa_serial_update'] = True
elif o in ('-r', '--reference', '--ref'):
result = arg_reference(a)
if not result:
raise DoNothing()
switch_dict.update(result)
elif o in ('-n', '--zone', '--domain'):
result = arg_domain_name(a)
if not result:
raise DoNothing()
switch_dict.update(result)
elif o in ('-z', '--zi'):
result = arg_zi_id(a)
if not result:
raise DoNothing()
switch_dict.update(result)
else:
raise DoHelp()
return args_left
def parse_line(syntax_list, line):
"""
Parse the line, and return a tuple/dict of results, or None
"""
args = ln2strs(line)
# Parse command line arguments here
args = parse_getopt(args)
# Exit it called from do_ls
if not syntax_list:
return args
# Do line length syntax match
syntax_match = [x for x in syntax_list if len(x) == len(args)]
if not syntax_match:
raise DoHelp()
syntax = syntax_match[0]
arg_dict = {}
for i in range(len(args)):
arg = syntax[i](args[i], index=i, args=args)
if (not arg):
raise DoNothing()
arg_dict.update(arg)
return arg_dict
class ZoneToolCmd(cmd.Cmd, SystemEditorPager):
"""
Command processor environment for zone_tool
"""
intro = ("\nWelcome to the Domain Name Administration Service.\n\n"
"Type help or ? to list commands.\n")
prompt = '%s > ' % settings['process_name']
indent = OUTPUT_INDENT
error_prefix = ERROR_PREFIX
def __init__(self, *args, **kwargs):
global _stdout
# Remove '-' from readline word delimiter string
# import readline
# delims = readline.get_completer_delims()
# delims = delims.replace('-', '')
# readline.set_completer_delims(delims)
# print(readline.get_completer_delims())
super().__init__(*args, **kwargs)
self.exit_code = os.EX_OK
_stdout = self.stdout
self._get_login_id()
self._init_cmds_not_to_syslog_list()
self._open_syslog()
# Initialise self.admin_mode
self._init_restricted_commands_list()
self.check_if_admin()
# Initialise self.wsgi_test_mode
self._init_wsgi_test_commands_list()
self.wsgi_api_test_mode = False
# Set editor if in restricted shell mode. Bit messy doing via
# process_name, but it works
if not self.admin_mode and settings['editor_flag']:
settings['editor'] = settings['editor_' + settings['editor_flag']]
def _get_login_id(self):
"""
Get the login_id string
"""
try:
username = pwd.getpwuid(os.getuid()).pw_name
hostname = socket.getfqdn()
self.login_id = username + '@' + hostname
except (OSError, IOError) as exc:
self.exit_code = os.EX_OSERROR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
sys.exit(self.exit_code)
def _open_syslog(self):
"""
Open syslog for successful command logging
This is used for logging successful zone_tool command execution for
auditing. Did not use magcode.core.logging as it would spray a lot
of extra log messages that are not needed in an interactive session.
"""
log_facility = settings['zone_tool_log_facility'].upper()
if log_facility not in ('AUTH', 'AUTHPRIV', 'CRON', 'DAEMON', 'FTP',
'KERN', 'LOCAL0', 'LOCAL1', 'LOCAL2', 'LOCAL3', 'LOCAL4',
'LOCAL5', 'LOCAL6', 'LOCAL7', 'LPR', 'MAIL', 'NEWS', 'SYSLOG',
'USER', 'UUCP'):
msg = "Incorrect zone_tool_log_facility '%s'" % log_facility
print(error_msg_wrapper.fill(msg), file=self.stdout)
sys.exit(os.EX_CONFIG)
log_facility = eval('syslog.LOG_' + log_facility)
log_priority = settings['zone_tool_log_level'].upper()
if log_priority not in ('EMERG', 'ALERT', 'CRIT', 'ERR', 'WARNING',
'NOTICE', 'INFO', 'DEBUG'):
msg = "Incorrect zone_tool_log_level '%s'" % log_priority
print(error_msg_wrapper.fill(msg), file=self.stdout)
sys.exit(os.EX_CONFIG)
self._log_priority = eval('syslog.LOG_' + log_priority)
syslog.openlog(ident=settings['process_name'], facility=log_facility)
def _init_cmds_not_to_syslog_list(self):
"""
Load commands list from settings
"""
self._cmds_not_to_syslog = [ c.lower()
for c in settings['commands_not_to_syslog'].split()]
# Trap DB running in hot standby mode
def onecmd(self, line):
"""
Calls Cmd.onecmd(self, line)
Method traps PostgresQL running in replication mode
"""
# Double nested EXC so that standard exception processing
# happens for PostgresQL in Read Only hot-standby. This is lowest
# common point where this can be trapped properly, code is here
# for similarity to WSGI code in dms/dms_engine.py
try:
try:
result = super().onecmd(line)
except sqlalchemy.exc.InternalError as exc:
raise DBReadOnlyError(str(exc))
except DBReadOnlyError as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return None
# Log that a command was executed
cmd = line.strip().split()
if not cmd:
return result
cmd_verb = cmd[0].lower()
action_verb = cmd_verb.split('_')[0]
if action_verb.startswith('ls'):
action_verb = 'ls'
# Don't log information commands
if (action_verb in self._cmds_not_to_syslog):
return result
# Only log real commands
if not hasattr(self, 'do_' + cmd_verb):
return result
if self.exit_code == os.EX_OK:
login_id = self.login_id
msg = "%s executed command '%s'" % (login_id, line)
syslog.syslog(self._log_priority, msg)
return result
# Do restricted mode
def get_names(self):
if self.wsgi_api_test_mode:
return dir(self.__class__)
if hasattr(self, '_new_dir'):
return self._new_dir
if self.admin_mode:
self._new_dir = [attr for attr in dir(self.__class__)
if attr not in self._wsgi_test_cmds]
else:
self._new_dir = [attr for attr in self.__dict__
if not attr.startswith('do_')]
self._new_dir += self._restricted_cmds
return self._new_dir
def __getattribute__(self, attr):
if not attr.startswith('do_'):
# get on with it ASAP
return object.__getattribute__(self, attr)
if self.wsgi_api_test_mode:
# get on with it ASAP
return object.__getattribute__(self, attr)
if self.admin_mode:
if attr in object.__getattribute__(self, '_wsgi_test_cmds'):
raise AttributeError("'%s' object has no attribute '%s'"
% (object.__getattribute__(self, '__class__').__name__,
attr))
return object.__getattribute__(self, attr)
if attr not in object.__getattribute__(self, '_restricted_cmds'):
raise AttributeError("'%s' object has no attribute '%s'"
% (object.__getattribute__(self, '__class__').__name__,
attr))
return object.__getattribute__(self, attr)
def _init_restricted_commands_list(self):
"""
Load restricted commands list from settings
"""
self._restricted_cmds = [ 'do_' + c
for c in settings['restricted_mode_commands'].split()]
def _init_wsgi_test_commands_list(self):
"""
Load WSGI Test commands list from settings
"""
self._wsgi_test_cmds = [ 'do_' + c
for c in settings['wsgi_test_commands'].split()]
def init_wsgi_apt_test_mode(self):
"""
Turn this mode on if requested at command line, and if
in admin_mode
"""
if self.admin_mode:
self.wsgi_api_test_mode = settings['wsgi_api_test_flag']
def check_or_force(self):
if not switch_dict.get('force_cmd') and not settings['force_cmd']:
print(self.error_prefix + "Do really you wish to do this?",
file=self.stdout)
answer = ''
while not answer:
answer = input('\t--y/[N]> ')
if answer in ('n', 'N', ''):
return False
elif answer in ('y', 'Y'):
return True
answer = ''
continue
return True
def check_if_root(self):
"""
Check that we are running as root, if not exit with message.
"""
# check that we are root for file writing permissions stuff
if (os.geteuid() != 0 ):
self.exit_code = os.EX_NOPERM
msg = "Only root can execute this command"
print(error_msg_wrapper.fill(msg), file=self.stdout)
return False
return True
def fillin_sg_name(self, arg_dict, fillin_required=True):
"""
Fill in sg parameter when needed.
"""
global switch_dict
if switch_dict.get('sg_name'):
arg_dict['sg_name'] = switch_dict.get('sg_name')
return
# If it is already given via command line, return
if arg_dict.get('sg_name'):
return
if settings['default_sg']:
arg_dict['sg_name'] = settings['default_sg']
return
if fillin_required:
arg_dict['sg_name'] = zone_cfg.get_row_exc(db_session,
'default_sg')
def get_use_origin_as_name(self):
"""
Determine use_origin_as_name
"""
global switch_dict
if switch_dict.get('use_origin_as_name'):
return switch_dict['use_origin_as_name']
if settings.get('use_origin_as_name'):
return settings['use_origin_as_name']
return False
def get_replica_sg(self):
"""
Determine replica_sg
"""
global switch_dict
if switch_dict.get('replica_sg_flag'):
return switch_dict['replica_sg_flag']
if settings.get('replica_sg_flag'):
return settings['replica_sg_flag']
return False
def get_inc_updates(self):
"""
Determine inc_updates flag
"""
global switch_dict
if switch_dict.get('inc_updates_flag'):
return switch_dict['inc_updates_flag']
if settings.get('inc_updates_flag'):
return settings['inc_updates_flag']
return False
def get_verbose(self):
"""
Determine verbose output or not
"""
global switch_dict
if switch_dict.get('verbose'):
return switch_dict['verbose']
if settings.get('verbose'):
return settings['verbose']
return False
def get_oping_servers(self):
"""
Determine whether to do oping servers or not
"""
global switch_dict
if switch_dict.get('oping_servers_flag'):
return switch_dict['oping_servers_flag']
if settings.get('oping_servers_flag'):
return settings['oping_servers_flag']
return False
def fillin_reference(self, arg_dict, fillin_required=False):
"""
Fill in reference parameter when needed
"""
global switch_dict
if switch_dict.get('reference'):
arg_dict['reference'] = switch_dict.get('reference')
return
# If it is already given via command line, return
if arg_dict.get('reference'):
return
if settings['reference']:
arg_dict['reference'] = settings['reference']
return
def fillin_domain_name(self, arg_dict, fillin_required=False):
"""
Fill in name parameter when needed
"""
global switch_dict
if switch_dict.get('name'):
arg_dict['name'] = switch_dict.get('name')
return
# If it is already given via command line, return
if arg_dict.get('name'):
return
if settings['zone_name']:
arg_dict['name'] = settings['zone_name']
return
def fillin_show_all(self, arg_dict, fillin_required=False):
"""
Fill in show_all parameter when needed
"""
global switch_dict
if switch_dict.get('show_all'):
arg_dict['show_all'] = switch_dict.get('show_all')
return
# If it is already given via command line, return
if arg_dict.get('show_all'):
return
if settings['show_all']:
arg_dict['show_all'] = settings['show_all']
return
def fillin_show_active(self, arg_dict, fillin_required=False):
"""
Fill in show_active parameter when needed
"""
global switch_dict
if switch_dict.get('show_active'):
arg_dict['show_active'] = switch_dict.get('show_active')
return
# If it is already given via command line, return
if arg_dict.get('show_active'):
return
if settings['show_active']:
arg_dict['show_active'] = settings['show_active']
return
def fillin_force_soa_serial_update(self, arg_dict, fillin_required=False):
"""
Fill in force_soa_serial_update parameter when needed
"""
global switch_dict
if switch_dict.get('force_soa_serial_update'):
arg_dict['force_soa_serial_update'] = switch_dict.get(
'force_soa_serial_update')
return
# If it is already given via command line, return
if arg_dict.get('force_soa_serial_update'):
return
if settings['force_soa_serial_update']:
arg_dict['force_soa_serial_update'] \
= settings['force_soa_serial_update']
return
def fillin_replica_sg(self, arg_dict, fillin_required=False):
"""
Fill in replica_sg parameter when needed
"""
global switch_dict
if switch_dict.get('replica_sg_flag'):
arg_dict['replica_sg'] = switch_dict.get('replica_sg_flag')
return
# If it is already given via command line, return
if 'replica_sg' in arg_dict:
return
if settings['replica_sg_flag']:
arg_dict['replica_sg'] = settings['replica_sg_flag']
return
def fillin_inc_updates(self, arg_dict, fillin_required=False):
"""
Fill in inc_updates parameter when needed
"""
global switch_dict
if switch_dict.get('inc_updates_flag'):
arg_dict['inc_updates'] = switch_dict.get('inc_updates_flag')
return
# If it is already given via command line, return
if 'inc_updates' in arg_dict:
return
if settings['inc_updates_flag']:
arg_dict['inc_updates'] = settings['inc_updates_flag']
return
def fillin_oping_servers(self, arg_dict, fillin_required=False):
"""
Fill in oping_servers parameter when needed
"""
global switch_dict
if switch_dict.get('oping_servers_flag'):
arg_dict['oping_servers'] = switch_dict.get('oping_servers_flag')
return
# If it is already given via command line, return
if 'oping_servers' in arg_dict:
return
if settings['oping_servers_flag']:
arg_dict['oping_servers'] = settings['oping_servers_flag']
return
def fillin_zi_id(self, arg_dict, fillin_required=False):
"""
Fill in zi_id parameter when needed
"""
global switch_dict
if switch_dict.get('zi_id') is not None:
arg_dict['zi_id'] = switch_dict.get('zi_id')
return
# If it is already given via command line, return
if arg_dict.get('zi_id'):
return
if settings['zi_id']:
arg_dict['zi_id'] = settings['zi_id']
return
def do_exit(self, line):
"Exit program."
return True
do_quit = do_exit
do_EOF = do_exit
do_eof = do_exit
def emptyline(self):
"""
Override this to prevent repeat execution of last command if enter on
blank line!
"""
pass
def do_help(self, arg, no_pager=False):
"""
Wrap do_help so that it works properly with pager
"""
if no_pager:
super().do_help(arg)
return
out_buffer = io.StringIO()
old_stdout = self.stdout
self.stdout = out_buffer
super().do_help(arg)
self.stdout = old_stdout
out = out_buffer.getvalue()
out_buffer.close()
self.exit_code = self.pager(out)
# def precmd(self, line):
# """
# Turn '-' into '_' on first command verb
# """
# split_line = line.split()
# split_line[0] = split_line[0].replace('-', '_')
# line = ' '.join(split_line)
# return line
#
# def completenames(self, text, *ignored):
# dotext = 'do_'+text
# names = [a[3:] for a in self.get_names() if a.startswith(dotext)]
# names2 = [a.replace('_','-') for a in names if a.find('_') > 0]
# names.extend(names2)
# return names
def do_ls(self, line):
"""
List zones/domains (+ wildcards):
ls [-tv] [-r reference] [-g sg_name] [domain-name] [domain-name] ...
where: domain-name domain name with * or ? wildcards as needed
reference reference
sg_name server group name
-t show active
-v verbose output
"""
try:
names = parse_line(None, line)
except DoHelp:
self.do_help('ls')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
error_on_nothing = True if len(names) else False
try:
arg_dict = {}
self.fillin_reference(arg_dict)
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_show_active(arg_dict, fillin_required=False)
if arg_dict.get('show_active'):
# Warble the show_active argument
arg_dict['include_disabled'] = not arg_dict['show_active']
arg_dict.pop('show_active', None)
zones = engine.list_zone_admin(names=names, **arg_dict)
except ZoneSearchPatternError as exc:
self.exit_code = os.EX_USAGE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except (NoReferenceFound, NoSgFound) as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoZonesFound as exc:
zones = []
if (error_on_nothing):
self.exit_code = os.EX_NOHOST
msg = "Zones: %s - not present." % exc.data['name_pattern']
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
zones = ["%-32s %-12s %-14s%s" % (z['name'], z['soa_serial'],
z['state'],
' ' + z.get('reference') if z.get('reference') else '')
for z in zones]
else:
zones = [z['name'] for z in zones]
if zones:
zones = '\n'.join(zones)
self.exit_code = self.pager(zones, file=self.stdout)
do_list_zone = do_ls
def do_ls_deleted(self, line):
"""
List deleted zones/domains (+ wildcards):
ls_deleted [-v] [-r reference] [-g sg_name] [domain-name]
[domain-name] ...
where: domain-name domain name with * or ? wildcards as needed
reference reference
sg_name server group name
-v verbose output
"""
try:
names = parse_line(None, line)
except DoHelp:
self.do_help('ls_deleted')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
error_on_nothing = True if len(names) else False
try:
arg_dict = {'toggle_deleted': True}
self.fillin_reference(arg_dict)
self.fillin_sg_name(arg_dict, fillin_required=False)
zones = engine.list_zone_admin(names=names, **arg_dict)
except ZoneSearchPatternError as exc:
self.exit_code = os.EX_USAGE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except (NoReferenceFound, NoSgFound) as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoZonesFound as exc:
zones = []
if (error_on_nothing):
self.exit_code = os.EX_NOHOST
msg = "Zones: %s - not present." % exc.data['name_pattern']
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
zones = ["%-32s %-12s %-14s%s"
% (z['name'], z['zone_id'], z['deleted_start'],
' ' + z.get('reference') if z.get('reference') else '')
for z in zones]
else:
zones = ["%-32s %-12s%s"
% (z['name'], z['zone_id'],
' ' + z.get('reference') if z.get('reference') else '')
for z in zones]
if zones:
zones = '\n'.join(zones)
self.exit_code = self.pager(zones, file=self.stdout)
do_list_zone_deleted = do_ls_deleted
def do_ls_zi(self, line):
"""
List the zone instances for a domain:
ls_zi [-v] [-z zi_id] [zi-id]
where:
-v show ctime followed by mtime
Without -v, just ctime is displayed.
"""
syntax = ((arg_domain_name, arg_zi_id),
(arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('ls_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
self.fillin_zi_id(arg_dict)
try:
if (arg_dict.get('zi_id')
and arg_dict['zi_id'] not in (0, '*', '0')):
result = engine.list_resolv_zi_id(**arg_dict)
else:
arg_dict.pop('zi_id', None)
result = engine.list_zi(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
zi_s = []
for zi in reversed(result['all_zis']):
if self.get_verbose():
zi_str = '%-19s %-12s %s %s' % (zi['zi_id'],
zi['soa_serial'], zi['ctime'],
zi['mtime'])
else:
zi_str = '%-19s %-12s %s' % (zi['zi_id'], zi['soa_serial'],
zi['ctime'])
if zi['zi_id'] == result['zi_id']:
zi_s += ['*' + zi_str]
continue
zi_s += [' ' + zi_str]
zi_s = [self.indent + zi for zi in zi_s]
if zi_s:
zi_s = '\n'.join(zi_s)
self.exit_code = self.pager(zi_s, file=self.stdout)
do_list_zi = do_ls_zi
def _show_zonesm(self, zone_sm_dict):
"""
Given a zone_sm_dict, display it on stdout
"""
out = []
out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(zone_sm_dict[x]))
for x in zone_sm_dict
if (x is not 'zi' and x is not 'all_zis'
and x is not 'sectags')]
name = [ x for x in out if (x.find(' name:') >= 0)][0]
out.remove(name)
out.sort()
out.insert(0, name)
out = '\n'.join(out)
return out
def do_show_zonesm(self, line):
"""
Show the settings for a zone SM: show_zonesm
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zonesm')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zone(**arg_dict)
except ZoneNotFound as exc:
print(self.error_prefix + "Zone '%s' not present." % line,
file=self.stdout)
self.exit_code = os.EX_NOHOST
return
if not result:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present." % line,
file=self.stdout)
return
out = self._show_zonesm(result)
if result.get('zi'):
# Only display ZI if it exists
out += '\n'
out += '\n'
out += self._show_zi(result['zi'])
self.exit_code = self.pager(out, file=self.stdout)
def do_show_zonesm_byid(self, line):
"""
Show the settings for a zone SM by id: show_zonesm_byid
"""
syntax = ((arg_zone_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zonesm_byid')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zone_byid(**arg_dict)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone Instance '%s' not present." % line,
file=self.stdout)
return
out = self._show_zonesm(result)
if result.get('zi'):
out += '\n'
out += self._show_zi(result['zi'])
self.exit_code = self.pager(out, file=self.stdout)
def do_show_zone(self, line):
"""
Show a zone, by default as published: show_zone [zi-id]
"""
syntax = ((arg_domain_name, arg_zi_id),
(arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zone_full(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone/Zone Instance '%s' not present."
% line, file=self.stdout)
return
# Stop 'q' in a pager printing exceptions
try:
out = data_to_bind(result['zi'], name=result['name'],
reference=result.get('reference'))
except IOError:
out = ''
if out:
self.exit_code = self.pager(out, file=self.stdout)
return
def do_show_zone_byid(self, line):
"""
Show a zone by zone_id, by default as published:
show_zone_byid [zi-id]
"""
syntax = ((arg_zone_id, arg_zi_id),
(arg_zone_id,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zone_byid')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zone_byid_full(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
# Stop 'q' in a pager printing exceptions
try:
out = data_to_bind(result['zi'], name=result['name'],
reference=result.get('reference'))
except IOError:
out = ''
if out:
self.exit_code = self.pager(out, file=self.stdout)
return
def _show_zi(self, zi_dict):
"""
Given a zi_dict, display it on stdout
"""
out = []
out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(zi_dict[x]))
for x in zi_dict
if (x is not 'rr_groups'
and x is not 'rr_comments')]
zi_id = [ x for x in out if (x.find('zi_id') >= 0)][0]
out.remove(zi_id)
out.sort()
out.insert(0, zi_id)
out = '\n'.join(out)
return out
def do_show_zi(self, line):
"""
Show the settings for a ZI: show_zi [zi-id]
"""
syntax = ((arg_domain_name, arg_zi_id),
(arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zi(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
out = self._show_zi(result)
self.exit_code = self.pager(out, file=self.stdout)
def do_show_zi_byid(self, line):
"""
Show the settings for a ZI: show_zi
"""
syntax = ((arg_zi_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zi_byid')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zi_byid(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZiNotFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
out = self._show_zi(result)
self.exit_code = self.pager(out, file=self.stdout)
def do_set_config(self, line):
"""
Set DB Configuration settings:
set_config [-g sg_name] [sg_name]
sg_name sg_name for soa_mname
Key can be one of:
default_sg Default Server Group
default_ref Default reference for created zones
auto_dnssec Boolean defaults used during initial zone creation
edit_lock
inc_updates
nsec3
use_apex_ns
soa_mname Used during initial zone creation
soa_rname
soa_refresh
soa_retry
soa_expire
soa_minimum
soa_ttl
zone_ttl
event_max_age Defaults used when vacuuming deleted zones,
syslog_max_age events, syslog messages and old zis.
zi_max_num
zi_max_age
zone_del_age 0 turns off deleted zone aging via vacuum_*
zone_del_pare_age 0 turns off zone zi paring to 1 via vacuum_*
"""
syntax=((arg_sg_name, arg_config_key, arg_config_value),
(arg_config_key, arg_config_value),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_config')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
if arg_dict.get('config_key') == 'soa_mname':
# only fill in SG group for soa_mname
self.fillin_sg_name(arg_dict)
result = engine.set_config(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except SgNameRequired as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZiParseError as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if result:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + result['message'], file=self.stdout)
def do_show_config(self, line):
"""
Display configuration values: show_config
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('show_config')
return
result = engine.show_config()
if not result:
print(self.error_prefix
+ "Error, no configuration returned from DB.",
file=self.stdout)
out = []
for zone_cfg in result:
if zone_cfg.get('sg_name'):
line = (self.indent + '%-18s' % (str(zone_cfg['key']) + ':')
+ ' ' + str(zone_cfg['value']) + ' ('
+ str(zone_cfg['sg_name']) + ')')
else:
line = (self.indent + '%-18s' % (str(zone_cfg['key']) + ':')
+ ' ' + str(zone_cfg['value']))
out.append(line)
out.sort()
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
def do_show_apex_ns(self, line):
"""
Display apex name servers: show_apex_ns [-g sg_name] [sg_name]
"""
syntax=((arg_sg_name,),
())
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_apex_ns')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_sg_name(arg_dict)
ns_servers = engine.show_apex_ns(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
ns_servers = [self.indent + ns for ns in ns_servers]
ns_servers = '\n'.join(ns_servers)
self.exit_code = self.pager(ns_servers, file=self.stdout)
def do_edit_apex_ns(self, line):
"""
Edit apex name servers: edit_apex_ns [-g sg_name] [sg_name]
"""
def clean_up():
if (tmp_filename):
os.unlink(tmp_filename)
syntax=((arg_sg_name,),
())
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('edit_apex_ns')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_sg_name(arg_dict)
ns_servers = engine.show_apex_ns(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneCfgItemNotFound as exc:
# We need to be able to create entries
ns_servers= []
pass
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
# Write ns_servers to a temporary file
tmp_filename = ''
(fd, tmp_filename) = tempfile.mkstemp(prefix=settings['process_name']
+ '-', suffix='.apex_ns_servers')
tmp_file = io.open(fd, mode='wt')
for ns in ns_servers:
print(ns, file=tmp_file)
tmp_file.flush()
tmp_file.close()
# Edit NS servers list
old_stat = os.stat(tmp_filename)
editor = self.get_editor()
try:
output = check_call([editor, tmp_filename])
except CalledProcessError as exc:
print(self.error_prefix + "Editor exited with '%s'."
% exc.returncode, file=self.stdout)
self.exit_code = os.EX_SOFTWARE
return
# Check that file has definitely been changed.
new_stat = os.stat(tmp_filename)
if (old_stat[stat.ST_MTIME] == new_stat[stat.ST_MTIME]
and old_stat[stat.ST_SIZE] == new_stat[stat.ST_SIZE]
and old_stat[stat.ST_INO] == new_stat[stat.ST_INO]):
print(self.error_prefix + "File '%s' unchanged after editing "
"- exiting." % tmp_filename, file=self.stdout)
clean_up()
self.exit_code = os.EX_OK
return
# Read in file and set NS servers list
tmp_file = io.open(tmp_filename, mode='rt')
ns_servers = tmp_file.readlines()
tmp_file.close()
ns_servers = [ ns.strip() for ns in ns_servers ]
engine.set_apex_ns(ns_servers, sg_name=arg_dict['sg_name'])
clean_up()
return
def do_clear_edit_lock(self, line):
"""
Clear an edit lock: clear_edit_lock
"""
syntax = ((arg_domain_name, arg_edit_lock_token),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('clear_edit_lock')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
cancel_results = engine.cancel_edit_zone(**arg_dict)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present."
% arg_dict['name'], file=self.stdout)
except CancelEditLockFailure as exc:
print(error_msg_wrapper.fill(str(exc)),
file=self.stdout)
self.exit_code = os.EX_UNAVAILABLE
return
return
# For WSGI APT testing
do_cancel_edit_zone = do_clear_edit_lock
def do_edit_zone(self, line):
"""
Edit a zone, by default as published: edit_zone [zi-id]
"""
def clean_up():
if (tmp_filename):
os.unlink(tmp_filename)
if (orig_filename):
os.unlink(orig_filename)
def cancel_edit_zone(name, edit_lock_token):
# Wrap this thing to contain try carry on as it is used as a
# clean up routine
try:
engine.cancel_edit_zone(name, edit_lock_token)
except (CancelEditLockFailure, ZoneNotFound):
return
return
def handle_exit_status(status):
"""
Based on code in subprocess module
"""
if os.WIFSIGNALED(status):
return - os.WTERMSIG(status)
elif os.WIFEXITED(status):
return os.WEXITSTATUS(status)
else:
raise RunTimeError("Unknown child exit status!")
syntax = ((arg_domain_name, arg_zi_id),
(arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('edit_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
arg_dict['login_id'] = self.login_id
try:
zone_sm_data, edit_lock_token = engine.edit_zone_admin(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print("Zone/Zone Instance '%s' not present." % line,
file=self.stdout)
return
except EditLockFailure as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_UNAVAILABLE
return
# get domain name for use later on
name = zone_sm_data['name']
# Write zone data to a temporary file
tmp_filename = ''
orig_filename = ''
(fd, tmp_filename) = tempfile.mkstemp(prefix=settings['process_name']
+ '-', suffix='.zone')
(orig_fd, orig_filename) = tempfile.mkstemp(
prefix=settings['process_name']
+ '-', suffix='.zone.orig')
tmp_file = io.open(fd, mode='wt')
orig_file = io.open(orig_fd, mode='wb')
data_to_bind(zone_sm_data['zi'], name=name,
reference=zone_sm_data.get('reference'), file=tmp_file)
tmp_file.flush()
tmp_file.close()
# Write out orig file for diff
tmp_file = open(tmp_filename, 'rb')
bstuff = tmp_file.read()
orig_file.write(bstuff)
orig_file.flush()
orig_file.close()
# Edit Zone
parse_flag = False
old_stat = os.stat(tmp_filename)
prev_stat = os.stat(tmp_filename)
cursor_line = None
cursor_col = None
msg_wrapper = TextWrapper()
while not(parse_flag):
# Edit temp file, have to do our own wait, and every so often
# see if file changed.
editor = self.get_editor()
if cursor_line:
args = [editor, '+%s' % cursor_line, tmp_filename]
else:
args = [editor, tmp_filename]
sig_stuff = SignalBusiness()
sig_stuff.register_signal_handler(signal.SIGALRM,
SIGALRMHandler())
# Set up thirty second itimer to send SIGALRM every 30 seconds
signal.setitimer(signal.ITIMER_REAL, 30, 30)
error_str = None
try:
process = Popen(args)
except (IOError,OSError) as exc:
print (error_msg_wrapper.fill("Running %s failed: %s"
% (exc.filename, exc.strerror)), file=self.stdout)
self.exit_code = os.EX_SOFTWARE
return
status = None
editlock_timedout = False
editlock_timedout_msg = None
while sig_stuff.check_signals():
try:
pid, status = os.waitpid(process.pid, 0)
except OSError as exc:
if exc.errno != errno.EINTR:
raise
if status != None:
break
new_stat = os.stat(tmp_filename)
if (prev_stat[stat.ST_MTIME] != new_stat[stat.ST_MTIME]
or prev_stat[stat.ST_SIZE] != new_stat[stat.ST_SIZE]
or prev_stat[stat.ST_INO] != new_stat[stat.ST_INO]):
try:
engine.tickle_editlock(name, edit_lock_token)
except TickleEditLockFailure as exc:
editlock_timedout = True
editlock_timedout_msg = str(exc)
print (self.error_prefix + editlock_timedout_msg,
file=self.stdout)
prev_stat = new_stat
# Disable itimer
signal.setitimer(signal.ITIMER_REAL, 0)
sig_stuff.unregister_signal_handler(signal.SIGALRM)
return_code = handle_exit_status(status)
if return_code != os.EX_OK:
print(self.error_prefix + "editor exited with '%s'."
% exc.returncode, file=self.stdout)
if not editlocked_timedout:
cancel_edit_zone(name, edit_lock_token)
self.exit_code = os.EX_SOFTWARE
return
if editlock_timedout:
print (error_msg_wrapper.fill(editlock_timedout_msg),
file=self.stdout)
clean_up()
self.exit_code = os.EX_TEMPFAIL
return
# Check that file has definitely been changed.
new_stat = os.stat(tmp_filename)
if (old_stat[stat.ST_MTIME] == new_stat[stat.ST_MTIME]
and old_stat[stat.ST_SIZE] == new_stat[stat.ST_SIZE]
and old_stat[stat.ST_INO] == new_stat[stat.ST_INO]
and not settings['force_cmd']):
print(self.error_prefix + "File '%s'\n unchanged after editing - exiting."
% tmp_filename, file=self.stdout)
cancel_edit_zone(name, edit_lock_token)
clean_up()
self.exit_code = os.EX_OK
return
# Stop, Change, Diff or Accept
print(self.error_prefix + "Do you wish to Abort, "
"Change, Diff, or Update the zone '%s'?"
% name, file=self.stdout)
answer = ''
while not answer:
answer = input('--[U]/a/c/d> ')
if answer in ('\nUu'):
break
elif answer in ('Aa'):
cancel_edit_zone(name, edit_lock_token)
clean_up()
return
elif answer in ('Cc'):
continue
elif answer in ('Dd'):
# do diff
diff_bin = self.get_diff()
diff_args = self.get_diff_args()
diff_args = [diff_bin] + diff_args.split()
diff_args.append(orig_filename)
diff_args.append(tmp_filename)
tail_bin = self.get_tail()
tail_args = self.get_tail_args()
tail_argv = [tail_bin] + tail_args.split()
# Make sure Less is secure
pager_env = os.environ
if not self.admin_mode:
pager_env.update({'LESSSECURE': '1'})
pager_bin = self.get_pager()
pager_args = self.get_pager_args()
pager_argv = [pager_bin] + pager_args.split()
try:
p1 = Popen(diff_args, stdout=PIPE)
p2 = Popen(tail_argv, stdin=p1.stdout, stdout=PIPE)
p3 = Popen(pager_argv, stdin=p2.stdout, env=pager_env)
p1.stdout.close() # Allow p1 to receive a SIGPIPE if p2
# exits
p2.stdout.close()
# Do it
output = p3.communicate()
except (IOError,OSError) as exc:
print (error_msg_wrapper.fill("Running %s failed: %s"
% (exc.filename, exc.strerror)),
file=self.stdout)
self.exit_code = os.EX_SOFTWARE
return
# Go back round and query again
answer = ''
continue
answer = ''
else:
continue
# Read in zone file and update zone
try:
(zi_data, origin_name, update_type, zone_reference) \
= bind_to_data(tmp_filename, name)
result = engine.update_zone_admin(name, zi_data, self.login_id,
edit_lock_token)
except (ParseBaseException, ZoneParseError, ZiParseError,
PrivilegeNeeded, ZoneHasNoSOARecord,
ZoneSecTagDoesNotExist, SecTagPermissionDenied,
SOASerialError) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
if (isinstance(exc, ParseBaseException)
or isinstance(exc, ZoneParseError)):
print(exc.markInputline(), file=self.stdout)
if (isinstance(exc, PrivilegeNeeded)
or isinstance(exc, ZoneSecTagDoesNotExist)
or isinstance(exc, SecTagPermissionDenied)):
msg = "Privilege error - %s" % exc
elif (isinstance(exc, NoSgFound)
or isinstance(exc, ZoneCfgItem)):
msg = "Missing DMS config - %s" % exc
else:
msg = "Parse error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
print ("Do you want to correct it? ([Y] - continue/n - abort)",
file=self.stdout)
answer = input('--[Y]/n> ')
if answer in ('\nYy'):
if hasattr(exc, 'lineno'):
cursor_line = exc.lineno
cursor_col = exc.col
continue
else:
cancel_edit_zone(name, edit_lock_token)
clean_up()
self.exit_code = (os.EX_NOPERM
if isinstance(exc, PrivilegeNeeded)
else os.EX_DATAERR)
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
clean_up()
return
# Zone SM failures - keep these separate as these are not many
except UpdateZoneFailure as exc:
msg = ("Update Error - changes not saved - %s"
% exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_TEMPFAIL
clean_up()
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
clean_up()
return
except BinaryFileError as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
clean_up()
return
else:
parse_flag = True
clean_up()
return
def do_disable_zone(self, line):
"""
Disable a zone: disable_zone
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('disable_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.disable_zone(**arg_dict)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present."
% arg_dict['name'], file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_enable_zone(self, line):
"""
Enable a zone: enable_zone
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('enable_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.enable_zone(**arg_dict)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present."
% arg_dict['name'], file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_create_zone(self, line):
"""
Create a zone:
create_zone [-g ] [-i] [ -r reference]
[zone-option] ...
where -g : specify an SG name other than default_sg
-i: set inc_updates flag on the new zone
-r reference: set reference
zone-option: use_apex_ns|auto_dnssec|edit_lock|nsec3
|inc_updates
up to 5 times
"""
syntax = ((arg_domain_name_net, arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option, arg_zone_option),
(arg_domain_name_net, arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option),
(arg_domain_name_net, arg_zone_option, arg_zone_option,
arg_zone_option),
(arg_domain_name_net, arg_zone_option, arg_zone_option),
(arg_domain_name_net, arg_zone_option),
(arg_domain_name_net,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_reference(arg_dict)
self.fillin_inc_updates(arg_dict)
arg_dict['login_id'] = self.login_id
try:
create_results = engine.create_zone_admin(**arg_dict)
except ZoneExists:
print(self.error_prefix + "Zone '%s' already exists."
% arg_dict['name'], file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except (NoSgFound, ZoneCfgItem) as exc:
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except InvalidDomainName as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied,) as exc:
engine.rollback()
msg = "Zone '%s' privilege needed - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
return
def do_copy_zone(self, line):
"""
Copy a zone:
copy_zone [-g ] [-i] [ -r reference] [-z zi_id]
[zone-option] ...
where -g : specify an SG name other than default_sg
-i: set inc_updates flag on the new zone
-r reference: set reference
-z zi_id: set zi_id used for copy source
zone-option: use_apex_ns|auto_dnssec|edit_lock|nsec3
|inc_updates
up to 5 times
"""
syntax = ((arg_src_domain_name, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option, arg_zone_option),
(arg_src_domain_name, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option),
(arg_src_domain_name, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option),
(arg_src_domain_name, arg_domain_name_net,
arg_zone_option, arg_zone_option),
(arg_src_domain_name, arg_domain_name_net,
arg_zone_option),
(arg_src_domain_name, arg_domain_name_net,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('copy_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_reference(arg_dict)
self.fillin_zi_id(arg_dict)
self.fillin_inc_updates(arg_dict)
arg_dict['login_id'] = self.login_id
try:
create_results = engine.copy_zone_admin(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except (ZiNotFound, ZoneNotFound) as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except ZoneExists:
print(self.error_prefix + "Zone '%s' already exists."
% arg_dict['name'], file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except (NoSgFound, ZoneCfgItem) as exc:
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except InvalidDomainName as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied,) as exc:
engine.rollback()
msg = "Zone '%s' privilege needed - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
return
def do_create_zi_zone(self, line):
"""
Create a zone from a zi:
create_zi_zone [-g ] [-i] [ -r reference]
[zone-option] ...
where -g : specify an SG name other than default_sg
-i: set inc_updates flag on the new zone
-r reference: set reference
zone-option: use_apex_ns|auto_dnssec|edit_lock|nsec3
|inc_updates
up to 5 times
"""
syntax = ((arg_zi_id, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option, arg_zone_option),
(arg_zi_id, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option),
(arg_zi_id, arg_domain_name_net,
arg_zone_option, arg_zone_option,
arg_zone_option),
(arg_zi_id, arg_domain_name_net,
arg_zone_option, arg_zone_option),
(arg_zi_id, arg_domain_name_net,
arg_zone_option),
(arg_zi_id, arg_domain_name_net,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_zi_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_reference(arg_dict)
self.fillin_inc_updates(arg_dict)
arg_dict['login_id'] = self.login_id
try:
create_results = engine.create_zi_zone_admin(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except (ZiNotFound, ZoneNotFound) as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneExists:
print(self.error_prefix + "Zone '%s' already exists."
% arg_dict['name'], file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except (NoSgFound, ZoneCfgItem) as exc:
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except InvalidDomainName as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied,) as exc:
engine.rollback()
msg = "Zone '%s' privilege needed - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
return
def do_copy_zi(self, line):
"""
Copy a zi from a zone to another:
copy_zi [-z zi_id] [zi_id]
"""
syntax = ((arg_src_domain_name, arg_domain_name, arg_zi_id),
(arg_src_domain_name, arg_domain_name),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('copy_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
self.fillin_zi_id(arg_dict)
arg_dict['login_id'] = self.login_id
try:
create_results = engine.copy_zi(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except (ZiNotFound, ZoneNotFound) as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_set_zone(self, line):
"""
Set Zone flags: set_zone [zone-option] ...
where zone-option can be: use_apex_ns|auto_dnssec|edit_lock
p to 4 times
"""
syntax = ((arg_domain_name, arg_zone_option, arg_zone_option,
arg_zone_option, arg_zone_option),
(arg_domain_name, arg_zone_option, arg_zone_option,
arg_zone_option),
(arg_domain_name, arg_zone_option, arg_zone_option),
(arg_domain_name, arg_zone_option),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.set_zone_admin(**arg_dict)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present."
% arg_dict['name'], file=self.stdout)
return
except TypeError as exc:
self.exit_code = os.EX_USAGE
print(self.error_prefix + str(exc), file=self.stdout)
return
def do_delete_zone(self, line):
"""
Delete a zone: delete_zone
Edit locked zones can not be deleted.
"""
#syntax = ((arg_domain_name, arg_force),)
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
delete_results = engine.delete_zone(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone '%s' not present."
% arg_dict['name'], file=self.stdout)
return
except ZoneBeingCreated as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_TEMPFAIL
return
return
def do_undelete_zone(self, line):
"""
Undelete a zone: undelete_zone
This can only be done to a disabled or unconfigured zone.
"""
syntax = ((arg_zone_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
undelete_results = engine.undelete_zone(**arg_dict)
except ZoneNotFound as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOHOST
return
except ActiveZoneExists as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
return
def do_destroy_zone(self, line):
"""
Destroy a zone: destroy_zone
This can only be done to a deleted zone.
"""
syntax = ((arg_zone_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('destroy_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
destroy_results = engine.destroy_zone(**arg_dict)
except ZoneNotFoundByZoneId as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOHOST
return
except ZoneNotDeleted as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except ZoneSmFailure as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
return
def do_load_zone(self, line):
"""
Load a zone :
load_zone [-g sg-name] [-i] [-r reference]
[zone-option] ...
where -g : specify an SG name other than default_sg
-i: set inc_updates flag on the new zone
-r reference: set reference
zone-option: use_apex_ns|auto_dnssec|edit_lock|nsec3
|inc_updates
up to 5 times
"""
syntax = ((arg_file_name, arg_domain_name, arg_zone_option,
arg_zone_option, arg_zone_option, arg_zone_option,
arg_zone_option),
(arg_file_name, arg_domain_name, arg_zone_option,
arg_zone_option, arg_zone_option, arg_zone_option),
(arg_file_name, arg_domain_name, arg_zone_option,
arg_zone_option, arg_zone_option),
(arg_file_name, arg_domain_name, arg_zone_option,
arg_zone_option),
(arg_file_name, arg_domain_name, arg_zone_option),
(arg_file_name, arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('load_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_reference(arg_dict)
self.fillin_sg_name(arg_dict)
self.fillin_inc_updates(arg_dict)
file_name = arg_dict.pop('file_name')
name = arg_dict.get('name')
arg_dict['zi_data'], origin_name, update_type, zone_reference \
= bind_to_data(file_name, name)
if not arg_dict.get('reference'):
arg_dict['reference'] = zone_reference
arg_dict['login_id'] = self.login_id
load_results = engine.create_zone_admin(**arg_dict)
except (IOError,OSError) as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_OSERR
return
except BinaryFileError as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except (ZoneNameUndefined, BadInitialZoneName,
InvalidDomainName) as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (ParseBaseException, ZoneParseError, ZoneHasNoSOARecord,
ZiParseError, SOASerialError) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
if (isinstance(exc, ParseBaseException)
or isinstance(exc, ZoneParseError)):
print(exc.markInputline(), file=self.stdout)
msg = "Parse error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Privilege error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
except (NoSgFound, ZoneCfgItem) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
# Zone SM failures - keep these separate as these are not many
except UpdateZoneFailure as exc:
msg = ("Update Error - changes not saved - %s"
% exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_TEMPFAIL
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except ZoneExists:
msg = "Zone '%s' already exists." % arg_dict['name']
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
return
def do_load_zones(self, line):
"""
Load zones : load_zones [-fi] [file-name] ...
where -f: force operation - don't ask yes/no
-g : specify an SG name other than default_sg
-i: set inc_updates flag on the new zone
-r reference: set reference
CAREFUL: If $ORIGIN is not in the files, the basename of the
file-name is used as the domain name
"""
# Preprocess argument list
try:
# This is to pick up commandline switches
args = parse_line(None, line)
except DoHelp:
self.do_help("load_zones")
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if not len(args):
self.exit_code = os.EX_USAGE
self.do_help('load_zones')
return
# Come up with seed arg_dict
try:
seed_arg_dict = {}
self.fillin_reference(seed_arg_dict)
self.fillin_sg_name(seed_arg_dict)
self.fillin_inc_updates(seed_arg_dict)
except (NoReferenceFound, NoSgFound) as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
# Check through given domains
try:
args_list = []
for arg in args:
# We are using file names as the domain names
# - parse all and apply checks
arg_pair = arg_file_name(arg)
if not arg_pair:
raise DoNothing()
name = basename(arg)
if not self.get_use_origin_as_name():
arg_name = arg_domain_name_text(name)
if not arg_name:
raise DoNothing()
else:
if not name.endswith('.'):
name += '.'
arg_name = {'name': name.lower()}
arg_pair.update(arg_name)
args_list.append(arg_pair)
except DoHelp:
self.do_help('load_zones')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
for arg_pair in args_list:
try:
zi_data, name, update_type, zone_reference \
= bind_to_data(arg_pair['file_name'],
arg_pair['name'],
self.get_use_origin_as_name())
if name.find('.') < 0:
msg = ("%s: zone name must have '.' in it!"
% arg_pair['file_name'])
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
continue
arg_dict = seed_arg_dict
arg_dict.update({'zi_data': zi_data, 'name': name})
if not seed_arg_dict.get('reference'):
arg_dict['reference'] = zone_reference
arg_dict['login_id'] = self.login_id
load_results = engine.create_zone_batch(**arg_dict)
except (ParseBaseException, ZoneParseError,
ZoneHasNoSOARecord, ZiParseError, SOASerialError) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
if (isinstance(exc, ParseBaseException)
or isinstance(exc, ZoneParseError)):
print(exc.markInputline(), file=self.stdout)
msg = ("Zone file '%s': parse error - %s"
% (arg_pair['file_name'], exc))
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
continue
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = ("Zone file '%s': privilege error - %s"
% (arg_pair['file_name'], exc))
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
except (NoSgFound, ZoneCfgItem) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
# Zone SM failures - keep these separate as these are not many
except UpdateZoneFailure as exc:
msg = ("Zone file '%s': update Error "
"- changes not saved - %s"
% (arg_pair['file_name'], exc))
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_TEMPFAIL
continue
except ZoneSmFailure as exc:
msg = ("Zone file '%s': ZoneSM failure - %s"
% (arg_pair['file_name'], exc))
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except ZoneExists as exc:
msg = ("Zone file '%s': zone '%s' already exists."
% (arg_pair['file_name'], exc.data['name']))
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
continue
except (ZoneNameUndefined, BadInitialZoneName,
InvalidDomainName) as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
continue
except (OSError, IOError) as exc:
msg = ("Zone file '%s': %s"
% (arg_pair['file_name'], str(exc)))
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_OSERR
if exc.errno in (errno.ENOENT, errno.EISDIR,
errno.EPERM, errno.EACCES):
continue
return
except BinaryFileError as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
continue
except KeyboardInterrupt:
self.exit_code = os.EX_TEMPFAIL
return
return
def do_load_zone_zi(self, line):
"""
Load a zi into a zone : load_zone_zi ...
"""
syntax = ((arg_file_name, arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('load_zone_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
zone_sm_data, edit_lock_token = engine.edit_zone_admin(
arg_dict['name'],
login_id=self.login_id)
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print("Zone/Zone Instance '%s' not present." % arg_dict['name'],
file=self.stdout)
return
except EditLockFailure as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_UNAVAILABLE
return
try:
file_name = arg_dict.pop('file_name')
name = arg_dict.get('name')
arg_dict['zi_data'], origin_name, update_type, zone_reference \
= bind_to_data(file_name, name)
# Use normalize_ttls with imported data to stop surprises
arg_dict['normalize_ttls'] = True
arg_dict['login_id'] = self.login_id
arg_dict['edit_lock_token'] = edit_lock_token
load_results = engine.update_zone_admin(**arg_dict)
except (IOError,OSError) as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_OSERR
return
except BinaryFileError as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
except (ZoneNameUndefined, BadInitialZoneName,
InvalidDomainName) as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (ParseBaseException, ZoneParseError,
ZoneHasNoSOARecord, ZiParseError, SOASerialError) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
if (isinstance(exc, ParseBaseException)
or isinstance(exc, ZoneParseError)):
print(exc.markInputline(), file=self.stdout)
msg = "Parse error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Privilege error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
except (NoSgFound, ZoneCfgItem) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Zone '%s' can't create - %s" % (arg_dict['name'], exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREAT
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
# Zone SM failures - keep these separate as these are not many
except UpdateZoneFailure as exc:
msg = ("Update Error - changes not saved - %s"
% exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_TEMPFAIL
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_delete_zi(self, line):
"""
Delete a zi: delete_zi
This can only be done for a zi that is not currently in use .
"""
syntax = ((arg_domain_name, arg_zi_id),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
results = engine.delete_zi(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone/Zone Instance '%s' not present."
% line, file=self.stdout)
return
except ZiInUse:
self.exit_code = os.EX_CANTCREAT
print(self.error_prefix + "Zone/Zone Instance '%s' is in use "
"- can't delete" % line, file=self.stdout)
return
return
def do_nuke_zones(self, line):
"""
Nuke zones (+ wildcards) nuke_zones: [domain-name] [domain-name] ....
"""
try:
args = parse_line(None, line)
except DoHelp:
self.do_help('nuke_zones')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if not args:
self.do_help('nuke_zones')
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
arg_dict = {}
self.fillin_reference(arg_dict)
self.fillin_sg_name(arg_dict)
zones = engine.nuke_zones(*args, **arg_dict)
except (NoReferenceFound, NoSgFound) as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
self.exit_code = os.EX_PROTOCOL
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
except NoZonesFound as exc:
self.exit_code = os.EX_NOHOST
msg = "Zones: %s - not present." % exc.data['name_pattern']
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_show_sectags(self, line):
"""
Display all security tags: show_sectags
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('show_sectags')
return
try:
result = engine.show_sectags()
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoSecTagsExist as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_NOHOST
return
out = []
out += [(self.indent + '%-16s' % x['sectag_label'])
for x in result]
out.sort()
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
def do_create_sectag(self, line):
"""
Create a new security tag: create_sectag
"""
syntax = ((arg_sectag_label,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_sectag')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.create_sectag(**arg_dict)
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSecTagExists as exc:
msg = ("Security tag '%s' already exists."
% exc.data['sectag_label'])
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_OK
return
def do_delete_sectag(self, line):
"""
Delete an unused security tag: delete_sectag
"""
syntax = ((arg_sectag_label,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_sectag')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.delete_sectag(**arg_dict)
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSecTagDoesNotExist as exc:
self.exit_code = os.EX_NOHOST
msg = ("Security tag '%s' does not exist."
% exc.data['sectag_label'])
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneSecTagStillUsed as exc:
self.exit_code = os.EX_UNAVAILABLE
msg = ("Security tag '%s' is still in use."
% exc.data['sectag_label'])
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_show_zone_sectags(self, line):
"""
Display a zones security tags: show_zone_sectags
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_zone_sectags')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_zone_sectags(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoZoneSecTagsFound as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_NOHOST
return
out = []
out += [(self.indent + '%-16s' % x['sectag_label'])
for x in result]
out.sort()
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
def do_add_zone_sectag(self, line):
"""
Add security tag to zone: add_zone_sectag
"""
syntax = ((arg_domain_name,arg_sectag_label),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('add_zone_sectag')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.add_zone_sectag(**arg_dict)
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSecTagDoesNotExist as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_delete_zone_sectag(self, line):
"""
Delete security tag from zone: delete_zone_sectag
"""
syntax = ((arg_domain_name,arg_sectag_label),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('add_zone_sectag')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.delete_zone_sectag(**arg_dict)
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSecTagDoesNotExist as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
def do_replace_zone_sectags(self, line):
"""
Replace all sectags for a zone: replace_zone_sectags
...
"""
# Improvise a little here...
syntax = ((arg_domain_name,),)
try:
args = list(ln2strs(line))
arg_dict = parse_line(syntax, args.pop(0))
sectag_labels = []
for arg in args:
arg = arg_sectag_label(arg)
if (not arg):
raise DoNothing()
sectag_labels.append(arg)
arg_dict['sectag_labels'] = sectag_labels
except DoHelp:
self.do_help('replace zone_sectags')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.replace_zone_sectags(**arg_dict)
except SecTagPermissionDenied as exc:
self.exit_code = os.EX_NOPERM
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSecTagDoesNotExist as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
def _print_show_mastersm(self, result, verbose=False):
"""
show_mastersm output.
"""
if not verbose:
result.pop('master_server_id', None)
result.pop('replica_sg_id', None)
result.pop('master_id', None)
out = []
out += [ (self.indent + '%-18s' % (str(x) + ':')
+ ' ' + str(result[x]))
for x in result ]
master_server = [ x for x in out if (x.find(' master_server:') >= 0)][0]
out.remove(master_server)
out.sort()
master_server = master_server.replace('master_server', 'MASTER_SERVER')
master_sm_banner = self.indent + 'NAMED master configuration state:'
out.insert(0, '')
out.insert(1, master_server)
out.insert(2, '')
out.insert(3, master_sm_banner)
out.insert(4, '')
out.append('')
out = '\n'.join(out)
return out
def do_show_master_status(self, line):
"""
Show state of master_sm: show_master_status [-v]
"""
syntax = ((),)
try:
args = parse_line(syntax, line)
except DoHelp:
self.exit_code = os.EX_USAGE
self.do_help('show_master_status')
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
verbose = self.get_verbose()
result = engine.show_mastersm()
if not result:
print(self.error_prefix
+ "Error, no configuration returned from DB.",
file=self.stdout)
out = self._print_show_mastersm(result, verbose)
self.exit_code = self.pager(out, file=self.stdout)
def do_reset_master(self, line):
"""
Reset master_sm: reset_master
Only do this if necessary. Resets master_sm to initial state,
and issues a MasterSMAllReconfig event.
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('reset_master')
return
engine.reset_mastersm()
def do_ls_sg(self, line):
"""
List all Server Groups: list_sg/lssg/ls_sg
List all Server Groups
"""
if line:
self.exit_code =os.EX_USAGE
self.do_help('ls_sg')
return
try:
result = engine.list_sg()
except NoSgFound as exc:
result = []
out = []
out += [ self.indent + '%-32s' % str(x['sg_name']) +' '
+ '%-4s' % str(x['sg_id']) + ' ' + str(x['config_dir'])
for x in result ]
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
def _print_show_sg(self, result, verbose=False):
"""
SG display backend
"""
def format_server(x):
out_str = (self.indent + '%-28s' % str(x['server_name']) + ' '
+ '%-40s' % str(x['address']) + '\n'
+ self.indent + self.indent + str(x['state']))
if x.get('is_master'):
out_str += ' (check result on DMS NAMED master server)'
return out_str
if not result:
return '\n'
servers = result.pop('servers', None)
if not verbose:
result.pop('sg_id', None)
out = []
out += [ (self.indent + '%-20s' % (str(x) + ':')
+ ' ' + str(result[x])) for x in result ]
sg_name = [ x for x in out if (x.find(' sg_name:') >= 0)][0]
out.remove(sg_name)
out.sort()
out.insert(0, sg_name)
if result.get('replica_sg'):
server_header = 'Replica SG named status'
else:
server_header = 'DNS server status'
if servers:
if not verbose:
servers = [ s for s in servers
if not (s.get('is_master')
and s.get('state') in (SSTATE_OK, SSTATE_CONFIG))]
out.append('')
out.append(self.indent + server_header + ':')
out += [format_server(x)
for x in servers ]
out.append('')
out = '\n'.join(out)
return out
def do_show_sg(self, line):
"""
Show an SG and its servers: show_sg [-v]
Display an SG and its servers in brief.
"""
syntax = ((arg_sg_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
verbose = self.get_verbose()
try:
result = engine.show_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
out = self._print_show_sg(result, verbose)
self.exit_code = self.pager(out, file=self.stdout)
return
def do_show_replica_sg(self, line):
"""
Show any replica SG and its servers: show_replica_sg [-v]
Display any replica SG and its servers in brief.
"""
syntax = ((),)
try:
args = parse_line(syntax, line)
except DoHelp:
self.exit_code = os.EX_USAGE
self.do_help('show_replica_sg')
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
verbose = self.get_verbose()
try:
result = engine.show_replica_sg()
except NoReplicaSgFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
out = self._print_show_sg(result, verbose)
self.exit_code = self.pager(out, file=self.stdout)
return
def do_create_sg(self, line):
"""
Create a new SG:
create_sg [-p] [config-dir] [address] [alt-address]
where:
sg-name SG name
-p SG created is the replica SG
config-dir SG configuration directory. If not given
defaults to config file value sg_config_dir.
If given as 'none' or 'default', same thing.
address Master server address for use in filling
in server zone templates
alt-address Master server address for use in filling
in server zone templates
"""
syntax = ((arg_sg_name, arg_config_dir, arg_address_none,
arg_alt_address_none),
(arg_sg_name, arg_config_dir, arg_address_none),
(arg_sg_name, arg_config_dir),
(arg_sg_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
arg_dict['replica_sg'] = self.get_replica_sg()
try:
result = engine.create_sg(**arg_dict)
except ReplicaSgExists as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
except SgExists as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_OK
except (IOError, OSError) as exc:
if exc.errno == errno.EOWNERDEAD:
self.exit_code = os.EX_NOUSER
else:
self.exit_code = os.EX_NOPERM
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_delete_sg(self, line):
"""
Delete an unused SG: delete_sg
where:
sg_name SG name
"""
syntax = ((arg_sg_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.delete_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except SgStillUsed as exc:
self.exit_code = os.EX_UNAVAILABLE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_rename_sg(self, line):
"""
Rename an SG: rename_sg [-f]
where:
sg_name SG name
"""
syntax = ((arg_sg_name, arg_new_sg_name),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('rename_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.rename_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except SgExists as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_UNAVAILABLE
return
def do_set_sg_config(self, line):
"""
Set SG configuration dir: set_sg_config [-f]
where:
sg-name SG name
config-dir SG configuration directory.
Use 'none' or 'default', to return to
config file value sg_config_dir.
"""
syntax = ((arg_sg_name, arg_config_dir),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_sg_config')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.set_sg_config(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except (IOError, OSError) as exc:
if exc.errno == errno.EOWNERDEAD:
self.exit_code = os.EX_NOUSER
else:
self.exit_code = os.EX_NOPERM
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_set_sg_master_address(self, line):
"""
Set SG master server address:
set_sg_master_address
where:
sg-name SG name
address Master server IP address for use in filling
in server zone templates.
Use 'none' or 'default', to return to
address used for the primary server hostname.
"""
syntax = ((arg_sg_name, arg_address_none),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_sg_master_address')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.set_sg_master_address(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_set_sg_master_alt_address(self, line):
"""
Set SG alternate master server address:
set_sg_master_alt_address
where:
sg-name SG name
alt-address Alternate master server IP address for use in
filling in server zone templates.
Use 'none' or 'default', to return to
address used for the primary server hostname.
"""
syntax = ((arg_sg_name, arg_alt_address_none),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_sg_master_alt_address')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.set_sg_master_alt_address(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_set_sg_replica_sg(self, line):
"""
Set SG alternate master server address:
set_sg_replica_sg [-f]
where:
-f Force operation
sg-name SG name or None/no
"""
syntax = ((arg_sg_name_none,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_sg_replica_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.set_sg_replica_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ReplicaSgExists as exc:
self.exit_code = os.EX_PROTOCOL
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
def do_set_zone_sg(self, line):
"""
Set the sg for a zone:
set_zone_sg [-g sg-name] [sg-name]
No SG given means to set SG back to default
"""
syntax = ((arg_domain_name, arg_sg_name),
(arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_zone_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_sg_name(arg_dict, fillin_required=False)
result = engine.set_zone_sg(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotDisabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneCfgItem as exc:
self.exit_code = os.EX_CONFIG
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_dupe_zone_alt_sg(self, line):
"""
Duplicate a zone to an alternate SG, or set it there:
dupe_zone_alt_sg
This is useful if you want to include an external zone on
in (for example) a private internal SG group behind a firewall.
"""
syntax = ((arg_domain_name, arg_sg_name),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('dupe_zone_alt_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.set_zone_alt_sg(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
# For WSGI API test mode
do_set_zone_alt_sg = do_dupe_zone_alt_sg
def do_delete_zone_alt_sg(self, line):
"""
Delete/Clear the alternate sg for a zone:
delete_zone_alt_sg
This removes any alternate SG on a zone.
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_zone_alt_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
arg_dict['sg_name'] = None
result = engine.set_zone_alt_sg(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_swap_zone_sg(self, line):
"""
Swap over the SGs for a zone:
swap_zone_sg [-f]
This is part of the process of moving a zone from one SG to another.
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('swap_zone_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.swap_zone_sg(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except (ZoneNoAltSgForSwap, ZoneSmFailure) as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_reconfig_master(self, line):
"""
Reconfigure master DNS server: reconfig_master
Reconfigures the master DNS server via 'rndc reconfig'
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('reconfig_master')
return
result = engine.reconfig_master()
def do_reconfig_sg(self, line):
"""
Reconfigure an SG's DNS servers: reconfig_sg
Reconfigures an SG's DNS servers via the equivalent of
'rndc reconfig'
"""
syntax = ((arg_sg_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('reconfig_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.reconfig_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_reconfig_replica_sg(self, line):
"""
Reconfigure the Replica SG's DNS servers:
reconfig_replica_sg
Rsyncs DNSSEC key material to all DR replicas, and reconfigure all the
DR replica named processes.
"""
syntax = ()
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('reconfig_replica_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.reconfig_replica_sg()
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_reconfig_all(self, line):
"""
Reconfigure all DNS servers: reconfig_all
Reconfigures the all dns servers via 'rndc reconfig' or
nearest equivalent, maybe even SIG_HUP for nsd3.
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('reconfig_all')
return
result = engine.reconfig_all()
def do_sign_zone(self, line):
"""
Sign a zone: sign_zone
DNSSEC sign a zone via 'rndc sign'
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('sign_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.sign_zone(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotDnssecEnabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_loadkeys_zone(self, line):
"""
Load keys for a zone: loadkeys_zone
Load keys for a zone via 'rndc loadkeys'
"""
syntax = ((arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('loadkeys_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.loadkeys_zone(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotDnssecEnabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_reset_zonesm(self, line):
"""
Reset state machine for a zone: reset_zone [-f] [zi-id]
"""
syntax = ( (arg_domain_name, arg_zi_id),
(arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('reset_zonesm')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
msg = "WARNING - doing this destroys DNSSEC RRSIG data."
print(error_msg_wrapper.fill(msg), file=self.stdout)
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.reset_zone(**arg_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_reset_all_zones(self, line):
"""
Reset all zones: reset_all [-f]
Resets all zones. This will rebuild Master bind9 on disk DB. It is
a ZoneSM stress test command that only root can run.
"""
if line:
self.exit_code = os.EX_USAGE
self.do_help('reset_all_zones')
return
# Check that we are toor so that we can proceed
if not self.check_if_root():
return
# Query user as this may be unadvisable
msg = ("WARNING - doing this destroys DNSSEC RRSIG data,"
" and it is mainly a ZoneSM stress testing command.")
print(error_msg_wrapper.fill(msg), file=self.stdout)
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.reset_all_zones()
except ZoneNotFoundByZoneId as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_refresh_zone(self, line):
"""
Refresh a zone: refresh_zone/update_zone [-f] [zi_id]
This is done by queuing a zone update event.
"""
syntax = ( (arg_domain_name, arg_zi_id),
(arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('refresh_zone')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if (arg_dict.get('zi_id') and not self.check_or_force()):
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.refresh_zone(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_refresh_sg(self, line):
"""
Refresh an SG's zones: refresh_sg/update_sg [-f]
Refreshes an SG's by queuing zone update events.
"""
syntax = ((arg_sg_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('refresh_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.refresh_sg(**arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotFoundByZoneId as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_refresh_all(self, line):
"""
Refresh all zones: refresh_all/update_all [-f]
Refreshes all zones by queuing zone update events.
"""
syntax = ((),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('refresh_all')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.refresh_all()
except ZoneNotFoundByZoneId as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_ls_reference(self, line):
"""
List references + wildcards: lsref [reference] [reference] ...
"""
try:
args = parse_line(None, line)
except DoHelp:
self.do_help('lsref')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
error_on_nothing = True if len(args) else False
try:
arg_dict = {}
self.fillin_reference(arg_dict)
if arg_dict.get('reference'):
args.insert(0, arg_dict['reference'])
ref_list = engine.list_reference(*args)
except NoReferenceFound as exc:
ref_list = []
if (error_on_nothing):
self.exit_code = os.EX_DATAERR
msg = "References: %s - not present." % line
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
references = [self.indent + r['reference'] for r in ref_list]
if references:
references = '\n'.join(references)
self.exit_code = self.pager(references, file=self.stdout)
def do_create_reference(self, line):
"""
Create a new reference: create_reference
"""
syntax = ((arg_reference,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_reference')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.create_reference(**arg_dict)
except ReferenceExists as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_OK
return
def do_delete_reference(self, line):
"""
Delete an unused reference: delete_reference
"""
syntax = ((arg_reference,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_reference')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.delete_reference(**arg_dict)
except ReferenceDoesNotExist as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ReferenceStillUsed as exc:
self.exit_code = os.EX_UNAVAILABLE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_rename_reference(self, line):
"""
rename a reference: rename_reference
"""
syntax = ((arg_reference, arg_dst_reference,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('rename_reference')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.rename_reference(**arg_dict)
except ReferenceDoesNotExist as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ReferenceExists as exc:
self.exit_code = os.EX_UNAVAILABLE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
return
def do_set_zone_reference(self, line):
"""
Set the reference for a zone:
set_zone_reference [-r reference] [reference]
"""
syntax = ((arg_domain_name,arg_reference),
(arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_zone_reference')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_reference(arg_dict)
result = engine.set_zone_reference(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoReferenceFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_vacuum_event_queue(self, line):
"""
Clean out processed events
vacuum_event_queue [-fv] [age-days]
where:
-f force operation. Don't ask yes/no
-v verbose output.
age-days age in days to be kept.
Destroy processed events older than age-days if given or
event_max_age in the sm_event_queue table. event_max_age is set via
the set_config command. Use the show_config command to view current
settings.
"""
syntax = ((arg_age_days,), ())
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_event_queue')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if len(arg_dict) and not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.vacuum_event_queue(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
msg = "Processed Events destroyed: %s" % result['num_deleted']
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def do_vacuum_zones(self, line):
"""
Clean out deleted zones
vacuum_zones [-fv] [age-days]
where:
-f force operation. Don't ask yes/no
-v verbose output.
age-days age in days to be kept.
Destroy deleted zones older than age-days if given, or zone_del_age
which is set via the set_config command. Use the show_config command
to view current settings.
"""
syntax = ((arg_age_days,), ())
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_zones')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if len(arg_dict) and not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.vacuum_zones(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
msg = "Deleted Zones destroyed: %s" % result['num_deleted']
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def do_vacuum_zis(self, line):
"""
Clean out old zone instances
vacuum_zis [-fv] [age-days] [zi-max-num]
where:
-f force operation. Don't ask yes/no
-v verbose output.
age-days age in days to be kept,
zi-max-num till maximum number of zis.
Destroy deleted zone instances older than zi_max_age, and over
that keeping up to zi_max_num, both set via the set_config command.
These defaults can be overridden by giving parameters. Use
the show_config command to view current settings.
"""
syntax = ((arg_age_days, arg_zi_max_num),
(arg_age_days,),
(),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_zis')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if len(arg_dict) and not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.vacuum_zis(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
msg = "Zone Instances destroyed: %s" % result['num_deleted']
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def do_vacuum_pare_deleted_zone_zis(self, line):
"""
Pare ZIs off deleted zones
vacuum_pare_deleted_zone_zis [-fv] [age-days]
where:
-f force operation. Don't ask yes/no
-v verbose output.
age-days age in days to be kept.
Pare ZIs off deleted zone older than age-days if given,
or zone_del_pare_age, which is set via the set_config command. Use
the show_config command to view current settings.
"""
syntax = ((arg_age_days,),
(),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_pare_deleted_zone_zis')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if len(arg_dict) and not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.vacuum_pare_deleted_zone_zis(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
msg = "Zone Instances pared: %s" % result['num_deleted']
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def do_vacuum_syslog(self, line):
"""
Clean out syslog messages
vacuum_syslog [-fv] [age-days]
where:
-f force operation. Don't ask yes/no
-v verbose output.
age-days age in days to be kept.
Destroy received syslog messages older than age-days if given,
or syslog_max_age which is set via the set_config command. The
syslog messages are stored in the systemevents table.
"""
syntax = ((arg_age_days,), ())
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_syslog')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if len(arg_dict) and not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.vacuum_syslog(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
msg = "Syslog messages destroyed: %s" % result['num_deleted']
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def do_vacuum_all(self, line):
"""
Clean out cruft using default values set in DB
vacuum_all [-v]
Same as vacuum_event_queue, vacuum_zones, vacuum_pare_deleted_zone_zis
and vacuum_zis run using defaults in DB config. Use set_config command
to set defaults, show_config command to show them.
Refer to help for the above commands for more details.
"""
syntax = ((),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('vacuum_all')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result_eq = engine.vacuum_event_queue(**arg_dict)
result_zones = engine.vacuum_zones(**arg_dict)
result_zis = engine.vacuum_zis(**arg_dict)
result_pared_zis = engine.vacuum_pare_deleted_zone_zis(**arg_dict)
result_syslog = engine.vacuum_syslog(**arg_dict)
except ZoneCfgItem as exc:
self.exit_code = os.EX_DATAERR
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
if self.get_verbose():
total = result_eq['num_deleted'] + result_zones['num_deleted'] \
+ result_zis['num_deleted'] \
+ result_pared_zis['num_deleted'] \
+ result_syslog['num_deleted']
msg = ("Items destroyed: total %s, zones %s,"
" zis pared %s, zis aged %s, events %s, syslog_msgs %s"
% (total, result_zones['num_deleted'],
result_pared_zis['num_deleted'],
result_zis['num_deleted'],
result_eq['num_deleted'],
result_syslog['num_deleted']))
print(result_msg_wrapper.fill(msg), file=self.stdout)
return
def _oping_servers(self, server_list):
"""
OPing a list of servers, and stuff info back into server_list
"""
error_msg = ''
output = ''
try:
oping_args = settings['oping_args'].split()
cmdline = [settings['oping_path']]
cmdline.extend(oping_args)
s_ips = [(s['address'])
for s in server_list
if (s['state'] != SSTATE_DISABLED)]
cmdline.extend(s_ips)
output = check_output(cmdline, stderr=STDOUT)
except CalledProcessError as exc:
error_msg = (settings['oping_path'] + ': '
+ exc.output.decode(errors='replace').strip())
except (IOError, OSError) as exc:
error_msg = exc.strerror
if not error_msg:
try:
output = output.decode().split('\n\n',)[1:]
output = [o.splitlines()[1] for o in output]
output = [o.rsplit(',',1)[0] for o in output]
output = [o.strip() for o in output]
except UnicodeDecodeError as exc:
error_msg = str(exc)
except Exception as exc:
error_msg = str(exc)
index = 0
for s in server_list:
if s['state'] == SSTATE_DISABLED:
s['ping_results'] = 'server disabled'
continue
elif not error_msg:
s['ping_results'] = output[index]
else:
s['ping_results'] = error_msg
index += 1
return
def _print_ls_server(self, server_list, verbose, oping_servers=False):
"""
Print ls_server output
"""
if not server_list:
return '\n'
if oping_servers:
self._oping_servers(server_list)
out = []
if verbose or oping_servers:
for s in server_list:
out += [("%-28s %-39s %s\n"
+ self.indent + "%-39s %s")
% (s['server_name'], s['last_reply'],
s['state'], s['address'], s['ssh_address'])]
if oping_servers:
out += [self.indent + "ping: " + s['ping_results']]
if s.get('retry_msg'):
out += [(self.indent + 'retry_msg:'),
output_msg_wrapper.fill(str(s.get('retry_msg')))]
else:
out += [s['server_name'] for s in server_list]
out.append('')
out = '\n'.join(out)
return out
def do_ls_slave(self, line):
"""
List slave servers + wildcards:
ls_slave [-ajtv] [-g sg_name] [server-name] [server-name] ...
where:
-a show all
-j do ping test of each server
-t show active
-v verbose output
-g sg_name in server group
server-name server name - wildcards accepted
"""
try:
args = parse_line(None, line)
except DoHelp:
self.do_help('ls_slave')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
error_on_nothing = True if len(args) else False
try:
arg_dict = {}
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_show_all(arg_dict, fillin_required=False)
self.fillin_show_active(arg_dict, fillin_required=False)
# Invert show_all default to False for only listing true slaves
if not arg_dict.get('show_all'):
arg_dict['show_all'] = False
server_list = engine.list_server(*args, **arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoServerFound as exc:
server_list = []
if (error_on_nothing):
self.exit_code = os.EX_DATAERR
msg = "Server: %s - not present." % line
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
out = self._print_ls_server(server_list, self.get_verbose(),
self.get_oping_servers())
if out:
self.exit_code = self.pager(out, file=self.stdout)
def do_ls_server(self, line):
"""
List all servers + wildcards:
ls_server [-jtv] [-g sg_name] [server-name] [server-name] ...
where:
-j do ping test of each server
-t show active
-v verbose output
-g sg_name in server group
server-name server name - wildcards accepted
"""
try:
args = parse_line(None, line)
except DoHelp:
self.do_help('ls_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
error_on_nothing = True if len(args) else False
try:
arg_dict = {}
self.fillin_sg_name(arg_dict, fillin_required=False)
self.fillin_show_active(arg_dict, fillin_required=False)
server_list = engine.list_server(*args, **arg_dict)
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoServerFound as exc:
server_list = []
if (error_on_nothing):
self.exit_code = os.EX_DATAERR
msg = "Server: %s - not present." % line
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
out = self._print_ls_server(server_list, self.get_verbose(),
self.get_oping_servers())
if out:
self.exit_code = self.pager(out, file=self.stdout)
def _show_server(self, server_sm_dict):
"""
Backend for showing server
"""
out = []
out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(server_sm_dict[x]))
for x in server_sm_dict]
name = [ x for x in out if (x.find(' server_name:') >= 0)][0]
out.remove(name)
retry_msg_list = [ x for x in out if (x.find(' retry_msg:') >= 0)]
retry_msg = None
if len(retry_msg_list):
retry_msg = retry_msg_list[0]
out.remove(retry_msg)
out.sort()
out.insert(0, name)
if retry_msg:
retry_msg = retry_msg.split(':', 1)[-1].strip()
out.append(self.indent + 'retry_msg:')
out.append(output_msg_wrapper.fill(retry_msg))
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
return
def do_show_server(self, line):
"""
Show a server SM: show_server
Display a server.
"""
syntax = ((arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
self._show_server(result)
return
def do_show_server_byaddr(self, line):
"""
Show a server SM by address: show_server_byaddr
Display a server by address
"""
syntax = ((arg_address,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_server_byaddr')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_server_byaddress(**arg_dict)
except (NoServerFound, NoServerFoundByAddress) as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
self._show_server(result)
return
def do_create_server(self, line):
"""
Create a Server SM:
create_server [-g sg-name] [server-type]
[ssh-address]
where sg-name SG group name
server-name server name - a human tag
address server IP address
server-type bind9|nsd3 - the server type
ssh-address ssh administration address of server
"""
syntax = ((arg_server_name, arg_address, arg_server_type,
arg_ssh_address_none),
(arg_server_name, arg_address, arg_server_type),
(arg_server_name, arg_address),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('create_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_sg_name(arg_dict)
engine.create_server(**arg_dict)
except (ServerExists, ServerAddressExists) as exc:
self.exit_code = os.EX_CANTCREAT
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_delete_server(self, line):
"""
Delete a server: delete_server [-f]
The server must be disabled before doing this.
"""
syntax = ((arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('delete_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.delete_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerNotDisabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_set_server_type(self, line):
"""
Set server type: set_server_type
where server-name server name - a human tag
server-type bind9|nsd3 - the server type
The server must be disabled before doing this.
"""
syntax = ((arg_server_name, arg_server_type),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_server_type')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.set_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerNotDisabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_set_server_address(self, line):
"""
Set server address: set_server_address
where server-name server name - a human tag
address server address
The server must be disabled before doing this.
"""
syntax = ((arg_server_name, arg_address),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_server_address')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.set_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerNotDisabled as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_rename_server(self, line):
"""
Rename a server: rename_server [-f]
where server-name server name - a human tag
new-server-name new server name
The server must be disabled before doing this.
"""
syntax = ((arg_server_name, arg_new_server_name),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('rename_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.rename_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_set_server_ssh_address(self, line):
"""
Set server ssh address: set_server_ssh_address
where server-name server name - a human tag
ssh-address server ssh administration address or 'none'
"""
syntax = ((arg_server_name, arg_ssh_address_none),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('set_server_ssh_address')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.set_server_ssh_address(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_move_server_sg(self, line):
"""
Move a server between SGs:
move_server_sg
where server-name server name
sg-name SG name
"""
syntax = ((arg_server_name, arg_sg_name),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('move_server_sg')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_sg_name(arg_dict)
engine.move_server_sg(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except NoSgFound as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_enable_server(self, line):
"""
Enable a server: enable_server
"""
syntax = ((arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('enable_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.enable_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerSmFailure as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_disable_server(self, line):
"""
Disable a server: disable_server
"""
syntax = ((arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('disable_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.disable_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerSmFailure as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_reset_server(self, line):
"""
Reset server SM: reset_server
"""
syntax = ((arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('reset_server')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.reset_server(**arg_dict)
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ServerSmFailure as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_write_rndc_conf(self, line):
"""
Write out a new rndc.conf: write_rndc_conf
Must be run as root to get ownership/permissions set correctly.
Key files in rndc.conf-header must exist!!
"""
syntax = ()
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('write_rndc_conf')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Check that we are toor so that we can proceed
if not self.check_if_root():
return
try:
engine.write_rndc_conf()
except (OSError, IOError) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
except KeyError as exc:
msg = ("Invalid template key in file in template dir %s - %s"
% (settings['config_template_dir'], str(exc)))
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CONFIG
return
return
def do_generate_tsig_key(self, line):
"""
Generate a new tsig key:
generate_tsig_key [-f] [hmac-type] [file-name]
Must be run as root if creating a key file to get ownership/permissions
set correctly.
"""
syntax = ((arg_key_name, arg_hmac_type, arg_file_name),
(arg_key_name, arg_hmac_type),
(arg_key_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('generate_tsig_key')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Check that we are toor so that we can proceed
if arg_dict['key_name'].endswith('.'):
arg_dict['key_name'] = arg_dict['key_name'][:-1]
if arg_dict.get('file_name'):
if not self.check_if_root():
return
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
else:
arg_dict['file_name'] = None
try:
engine.generate_tsig_key(**arg_dict)
except (OSError, IOError) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
except InvalidHmacType as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
return
def do_rsync_server_admin_config(self, line):
"""
Rsync administration config files/includes to a replica/slave server:
rsync_server_admin_config [no_rndc]
Files rsynced depend on the servers type, bind9, nsd3 etc.
"""
syntax = ((arg_server_name, arg_no_rndc),
(arg_server_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('rsync_admin_config')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Check that we are toor so that we can proceed
if not self.check_if_root():
return
try:
engine.rsync_server_admin_config(**arg_dict)
except CalledProcessError as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = exc.returncode
return
except NoServerFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except (OSError, IOError) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
return
def do_record_query_db(self, line):
"""
Query the database for a resource record ala libc resolv
rr_query_db [-av] [-n domain] [-z zi-id] [rr_type] [rdata]
"""
syntax = ((arg_label, arg_rr_type, arg_rdata),
(arg_label, arg_rr_type),
(arg_label,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('record_query_db')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_domain_name(arg_dict)
self.fillin_show_all(arg_dict)
self.fillin_zi_id(arg_dict)
results = engine.rr_query_db(**arg_dict)
except RrQueryDomainError as exc:
self.exit_code = os.EX_DATAERR
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
if results:
out = []
if self.get_verbose():
zi_id = results.get('zi_id')
if zi_id == 0:
zi_id = '*'
out += ["%1s label: %-16s domain: %-32s zi_id: %s\n"
% ('X' if results.get('zone_disabled') else ' ',
results.get('label'), results.get('name'),
zi_id)]
for rr in results['rrs']:
out += ["%1s %-32s %-12s %s"
% ('X' if rr.get('disable') else ' ',
rr['label'], rr['type'], rr['rdata']) ]
else:
for rr in results['rrs']:
out += ["%-32s %-12s %s"
% (rr['label'], rr['type'], rr['rdata']) ]
out = '\n'.join(out)
self.exit_code = self.pager(out, file=self.stdout)
else:
self.exit_code = os.EX_NOHOST
return
# For WSGI test mode
do_rr_query_db = do_record_query_db
def do_update_rrs(self, line):
"""
Submit a file or stdin as an incremental update. This frontend
is mainly for test purposes
update_rrs [-n domain-name] [file-name] [domain-name]
where:
domain-name domain name
file-name file containing update delta
Example update file:
$ORIGIN foo.bar.org.
$UPDATE_TYPE SpannerReplacement_ShouldBeUUIDperClientOpType
;!RROP:DELETE
ns5 IN ANY "" ; All records for ns5
;!RROP:DELETE
ns7 IN A "" ; All A records for ns2
;!RROP:DELETE
ns67 IN A 192.168.2.3 ; Specific record
;!RROP:ADD
ns99 IN TXT "Does not know Maxwell Smart"
;!RROP:ADD
ns99 IN AAAA 2002:fac::1
;!RROP:UPDATE_RRTYPE
ns99 IN AAAA ::1
"""
syntax = ( (arg_file_name, arg_domain_name),
(arg_file_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('update_rrs')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
self.fillin_domain_name(arg_dict)
file_name = arg_dict.pop('file_name')
if file_name == '-':
file_name = self.stdin
name = arg_dict.get('name')
arg_dict['update_data'], origin_name, arg_dict['update_type'], \
zone_reference \
= bind_to_data(file_name, name, \
use_origin_as_name=True, update_mode=True)
if origin_name.find('.') < 0:
msg = ("%s: zone name must have '.' in it!"
% file_name)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
arg_dict.update({'name': origin_name, 'login_id': self.login_id})
results = engine.update_rrs_admin(**arg_dict)
except (IOError, OSError) as exc:
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_OSERR
return
except BinaryFileError as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_IOERR
return
except (ZiNotFound, ZoneNotFound) as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except (ZoneNameUndefined, BadInitialZoneName,
InvalidDomainName, UpdateTypeRequired) as exc:
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (ParseBaseException, ZoneParseError, ZiParseError,
SOASerialError, ZoneHasNoSOARecord) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
if (isinstance(exc, ParseBaseException)
or isinstance(exc, ZoneParseError)):
print(exc.markInputline(), file=self.stdout)
msg = "Parse error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_DATAERR
return
except (PrivilegeNeeded, ZoneSecTagDoesNotExist,
SecTagPermissionDenied) as exc:
# Must not commit changes to DB when cleaning up!
engine.rollback()
msg = "Privilege error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
except (ZoneDisabled, IncrementalUpdatesDisabled) as exc:
msg = "Privilege error - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_NOPERM
return
except LoginIdError as exc:
print (error_msg_wrapper.fill(str(exc)), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except (UpdateTypeAlreadyQueued) as exc:
engine.rollback()
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_refresh_zone_ttl(self, line):
"""
Refresh a zone: refresh_zone_ttl [zone-ttl]
This is done by queuing a zone update event.
"""
syntax = ((arg_domain_name, arg_zone_ttl), (arg_domain_name,))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('refresh_zone_ttl')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
engine.refresh_zone_ttl(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneHasNoZi as exc:
self.exit_code = os.EX_SOFTWARE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def _diff_zone(self, zi1_data, zi2_data, z1_name=None, z2_name=None,
z1_reference=None, z2_reference=None, no_info_header=False):
"""
Take difference between 2 ZIs and display it, hopefullu colorized
"""
def clean_up():
if (z1_filename):
os.unlink(z1_filename)
if (z2_filename):
os.unlink(z2_filename)
# Write zi data to a temporary files
z1_filename = ''
z2_filename = ''
(z1_fd, z1_filename) = tempfile.mkstemp(
prefix=settings['process_name']
+ '-', suffix='.zone')
z1_file = io.open(z1_fd, mode='wt')
data_to_bind(zi1_data, name=z1_name,
reference=z1_reference, no_info_header=no_info_header,
file=z1_file)
z1_file.flush()
z1_file.close()
(z2_fd, z2_filename) = tempfile.mkstemp(
prefix=settings['process_name']
+ '-', suffix='.zone')
z2_file = io.open(z2_fd, mode='wt')
data_to_bind(zi2_data, name=z2_name,
reference=z2_reference, no_info_header=no_info_header,
file=z2_file)
z2_file.flush()
z2_file.close()
# do diff
diff_bin = self.get_diff()
diff_args = self.get_diff_args()
diff_args = [diff_bin] + diff_args.split()
diff_args.append(z1_filename)
diff_args.append(z2_filename)
tail_bin = self.get_tail()
tail_args = self.get_tail_args()
tail_argv = [tail_bin] + tail_args.split()
# Make sure Less is secure
pager_env = os.environ
if not self.admin_mode:
pager_env.update({'LESSSECURE': '1'})
pager_bin = self.get_pager()
pager_args = self.get_pager_args()
pager_argv = [pager_bin] + pager_args.split()
try:
p1 = Popen(diff_args, stdout=PIPE)
p2 = Popen(tail_argv, stdin=p1.stdout, stdout=PIPE)
p3 = Popen(pager_argv, stdin=p2.stdout, env=pager_env)
p2.stdout.close() # Allow p1, p2 to receive a SIGPIPE if p3
p1.stdout.close() # exits
# Do it
output = p3.communicate()
except (IOError,OSError) as exc:
print (error_msg_wrapper.fill("Running %s failed: %s"
% (exc.filename, exc.strerror)),
file=self.stdout)
self.exit_code = os.EX_SOFTWARE
return
finally:
clean_up()
return
def do_diff_zones(self, line):
"""
Given two zones, display the difference:
diff_zones [zi1-id [zi2-id]]
where:
domain1-name older domain name
domain2-name newer domain name
zi1-id zi-id for domain1-name
defaults to published ZI
zi2-id zi-id for domain2-name
defaults to published ZI
"""
syntax = ((arg_domain1_name, arg_domain2_name, arg_zi1_id, arg_zi2_id),
(arg_domain1_name, arg_domain2_name, arg_zi1_id),
(arg_domain1_name, arg_domain2_name))
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('diff_zones')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
arg1_dict = {}
arg1_dict['name'] = arg_dict['domain1_name']
if arg_dict.get('zi1_id'):
arg1_dict['zi_id'] = arg_dict['zi1_id']
arg2_dict = {}
arg2_dict['name'] = arg_dict['domain2_name']
if arg_dict.get('zi2_id'):
arg2_dict['zi_id'] = arg_dict['zi2_id']
result1 = engine.show_zone_full(**arg1_dict)
result2 = engine.show_zone_full(**arg2_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone/Zone Instance '%s' not present."
% line, file=self.stdout)
return
self._diff_zone(result1['zi'], result2['zi'],
z1_name=result1['name'], z2_name=result2['name'],
z1_reference=result1.get('reference'),
z2_reference=result2.get('reference'))
def do_diff_zone_zi(self, line):
"""
Given a zone, display the differences between older and newer ZIs:
diff_zone_zi zi1-id [zi2-id]
where:
domain-name domain name
zi1-id older zi-id for domain-name
zi2-id newer zi-id for domain-name,
defaults to published ZI
"""
syntax = ((arg_domain_name, arg_zi1_id, arg_zi2_id),
(arg_domain_name, arg_zi1_id),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('diff_zone_zi')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
arg1_dict = {}
arg1_dict['name'] = arg_dict['name']
if arg_dict.get('zi1_id'):
arg1_dict['zi_id'] = arg_dict['zi1_id']
arg2_dict = {}
arg2_dict['name'] = arg_dict['name']
if arg_dict.get('zi2_id'):
arg2_dict['zi_id'] = arg_dict['zi2_id']
result1 = engine.show_zone_full(**arg1_dict)
result2 = engine.show_zone_full(**arg2_dict)
except ZiIdSyntaxError as exc:
self.exit_code = os.EX_USAGE
msg = str(exc)
print(error_msg_wrapper.fill(msg), file=self.stdout)
return
except ZoneNotFound:
self.exit_code = os.EX_NOHOST
print(self.error_prefix + "Zone/Zone Instance '%s' not present."
% line, file=self.stdout)
return
self._diff_zone(result1['zi'], result2['zi'],
z1_name=result1['name'], z2_name=result2['name'],
z1_reference=result1.get('reference'),
z2_reference=result2.get('reference'),
no_info_header=True)
def do_restore_named_db(self, line):
"""
Reestablish Named DB from dms DB for DR
restore_named_db [-f]
Note that root only may execute this, and that named and dmsdmd must
not be running.
"""
syntax = ((),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('restore_named_db')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Check that we are toor so that we can proceed
if not self.check_if_root():
return
msg = ("WARNING - doing this destroys DNSSEC RRSIG data. "
"It is a last resort in DR recovery.")
print(error_msg_wrapper.fill(msg), file=self.stdout)
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.restore_named_db(**arg_dict)
except CalledProcessError as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = exc.returncode
return
except (NamedStillRunning,DmsdmdStillRunning) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_UNAVAILABLE
return
except (PidFileValueError, PidFileAccessError) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
except (NamedConfWriteError, ZoneFileWriteError) as exc:
msg = str(exc)
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_CANTCREATE
return
except ZoneNotFoundByZoneId as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def _print_ls_pending_events(self, result, verbose):
"""
Format output for ls_pending_events
"""
out = []
for event in result:
name = event['parameters'].get('name', '')
name = event['parameters'].get('server_name', '') \
if not name else name
zi_id = event['parameters'].get('zi_id', '')
zi_id = event['parameters'].get('publish_zi_id', '') \
if not zi_id else zi_id
zi_id = str(zi_id)
if verbose:
time3 = event['processed'] if event['processed'] else '--'
event_str = (('%-19s %-25s %s\n'
+ ' ' + '%-27s %s\n'
+ ' ' + '%s %s %s') % (
event['event_type'],
event['event_id'],
event['state'],
name,
zi_id,
event['created'],
event['scheduled'],
time3))
else:
name = name + ' ' + zi_id if zi_id else name
event_str = '%-25s %-27s %s' % (event['event_type'],
name,
event['scheduled'])
out += [event_str]
out.append('')
out = '\n'.join(out)
return out
def do_ls_pending_events(self, line):
"""
List all pending events
ls_pending_events [-v]
where:
-v Do verbose output
Shows event_id, event_type, name (if any), scheduled, created fields
Note: If queue really busy, may take a few seconds
"""
syntax = ((),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('ls_pending_events')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
result = engine.list_pending_events()
out = self._print_ls_pending_events(result, self.get_verbose())
if out:
self.exit_code = self.pager(out, file=self.stdout)
def _print_ls_events(self, result, verbose):
"""
Format output for ls_failed_events
"""
out = []
for event in result:
name = event['parameters'].get('name', '')
name = event['parameters'].get('server_name', '') \
if not name else name
zi_id = event['parameters'].get('zi_id', '')
zi_id = event['parameters'].get('publish_zi_id', '') \
if not zi_id else zi_id
zi_id = str(zi_id)
if not verbose:
name = name + ' ' + zi_id if zi_id else name
time2 = (event['scheduled']
if event['state'] in (ESTATE_NEW, ESTATE_RETRY)
else event['processed'])
event_str = (('%-19s %-25s %s\n'
+ ' ' + '%-26s %s %s') % (
event['event_type'],
event['event_id'],
event['state'],
name,
event['created'],
time2))
else:
time3 = event['processed'] if event['processed'] else '--'
event_str = (('%-19s %-25s %s\n'
+ ' ' + '%-27s %s\n'
+ ' ' + '%s %s %s') % (
event['event_type'],
event['event_id'],
event['state'],
name,
zi_id,
event['created'],
event['scheduled'],
time3))
out += [event_str]
out.append('')
out = '\n'.join(out)
return out
def do_ls_failed_events(self, line):
"""
List the last n last-limit failed events in descending order
ls_pending_events [-v] [last-limit]
where:
-v Do verbose output
last-limit Number of failed events to list
Default is 25
Shows event_id, event_type, name (if any), created, scheduled fields
Note: If queue really busy, may take a few seconds
"""
syntax = ((arg_last_limit,),(),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('ls_failed_events')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
result = engine.list_failed_events(**arg_dict)
out = self._print_ls_events(result, self.get_verbose())
if out:
self.exit_code = self.pager(out, file=self.stdout)
def do_ls_events(self, line):
"""
List last events in descending order
ls_events [-v] [last-limit]
where:
-v Do verbose output
last-limit Number of failed events to list
Default is 25
Shows event_id, event_type, name (if any), created, scheduled,
processed fields. If not verbose, show created time, then either
prcessed or scheduled time if event has not been processed.
Note: If queue really busy, may take a few seconds
"""
syntax = ((arg_last_limit,),(),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('ls_failed_events')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
result = engine.list_events(**arg_dict)
out = self._print_ls_events(result, self.get_verbose())
if out:
self.exit_code = self.pager(out, file=self.stdout)
def _print_show_event(self, result):
"""
Format show_event output
"""
parameters = result.pop('parameters', None)
results = result.pop('results', None)
out = []
out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(result[x]))
for x in result]
event_id = [ x for x in out if (x.find(' event_id:') >= 0)][0]
out.remove(event_id)
out.sort()
out.insert(0, event_id)
if parameters:
p_out = []
p_out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(parameters[x]))
for x in parameters]
p_out.sort()
p_out.insert(0, '')
p_out.insert(1, self.indent + 'Event parameters:')
out += p_out
if results:
r_out = []
r_out += [ (self.indent + '%-16s' % (str(x) + ':')
+ ' ' + str(results[x]))
for x in results]
message_list = [ x for x in r_out if (x.find(' message:') >= 0)]
message = None
if len(message_list):
message = message_list[0]
r_out.remove(message)
r_out.sort()
r_out.insert(0, '')
r_out.insert(1, self.indent + 'Event results:')
if message:
message = message.split(':', 1)[-1].strip()
r_out.append(self.indent + 'message:')
r_out.append(output_msg_wrapper.fill(message))
out += r_out
out = '\n'.join(out)
return out
def do_show_event(self, line):
"""
Show an event, given an event-id
show_event
"""
syntax = ((arg_event_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('show_event')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
try:
result = engine.show_event(**arg_dict)
except EventNotFoundById as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
out = self._print_show_event(result)
if out:
self.exit_code = self.pager(out, file=self.stdout)
def do_fail_event(self, line):
"""
Fail an event, given an event-id
fail_event [-f]
where:
-f Force operation
"""
syntax = ((arg_event_id,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('fail_event')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
result = engine.fail_event(**arg_dict)
except EventNotFoundById as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except CantFailEventById as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
return
def do_poke_zone_set_serial(self, line):
"""
Set the SOA serial number for a published zone:
poke_zone_set_serial [-fu]
where:
-f Force operation
-u Incrementally update SOA Serial number
domain-name Zone name
soa-serial Use this SOA serial number
This is done by queuing a zone update event.
"""
syntax = ((arg_domain_name, arg_soa_serial),
(arg_domain_name,), )
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('poke_zone_set_serial')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
self.fillin_force_soa_serial_update(arg_dict)
engine.poke_zone_set_serial(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except SOASerialError as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotPublished as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_poke_zone_wrap_serial(self, line):
"""
Wrap the SOA serial for a published zone:
poke_zone_wrap_serial [-f]
This is done by queuing a zone update event.
"""
syntax = ( (arg_domain_name,),)
try:
arg_dict = parse_line(syntax, line)
except DoHelp:
self.do_help('poke_zone_wrap_serial')
self.exit_code = os.EX_USAGE
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
# Query user as this may be unadvisable
if not self.check_or_force():
self.exit_code = os.EX_TEMPFAIL
return
try:
engine.poke_zone_wrap_serial(**arg_dict)
except ZoneNotFound as exc:
self.exit_code = os.EX_NOHOST
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except SOASerialError as exc:
self.exit_code = os.EX_PROTOCOL
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneNotPublished as exc:
self.exit_code = os.EX_UNAVAILABLE
print(error_msg_wrapper.fill(str(exc)), file=self.stdout)
return
except ZoneSmFailure as exc:
msg = "ZoneSM failure - %s" % exc
print (error_msg_wrapper.fill(msg), file=self.stdout)
self.exit_code = os.EX_PROTOCOL
return
return
def do_show_dms_status(self, line):
"""
Show DMS system status information
show_dms_status [-v]
"""
syntax = ((),)
try:
args = parse_line(syntax, line)
except DoHelp:
self.exit_code = os.EX_USAGE
self.do_help('show_dms_status')
return
except DoNothing:
self.exit_code = os.EX_USAGE
return
verbose = self.get_verbose()
result = engine.show_dms_status()
out = '\nshow_master_status:\n'
out += self._print_show_mastersm(result['show_mastersm'], verbose)
out += '\nshow_replica_sg:\n'
out += self._print_show_sg(result['show_replica_sg'], verbose)
out += '\nls_server:\n'
out += self._print_ls_server(result['list_server'], verbose=True,
oping_servers=True)
out += '\nlist_pending_events:\n'
out += self._print_ls_pending_events(result['list_pending_events'],
verbose=False)
out += '\n'
self.exit_code = self.pager(out, file=self.stdout)
return
class SIGALRMHandler(SignalHandler):
"""
Handle a SIGALRM signal.
Just make action() return False
"""
def action(self):
log_debug('SIGALRM received - system timer went off.')
return False
class ForceCmdCmdLineArg(BooleanCmdLineArg):
"""
Process force command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='f',
long_arg='force-cmd',
help_text="Force command, say if file unchanged",
settings_key = 'force_cmd',
settings_default_value = False,
settings_set_value = True)
class OriginCmdLineArg(BooleanCmdLineArg):
"""
Process origin command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='o',
long_arg='use-origin-as-name',
help_text="Use $ORIGIN to set zone name from file",
settings_key = 'use_origin_as_name',
settings_default_value = False,
settings_set_value = True)
class ShowAllCmdLineArg(BooleanCmdLineArg):
"""
Process show-active command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='a',
long_arg='show-all',
help_text="Show disabled zones, RRs, and all Servers",
settings_key = 'show_all',
settings_default_value = False,
settings_set_value = True)
class ShowActiveCmdLineArg(BooleanCmdLineArg):
"""
Process show-active command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='t',
long_arg='show-active',
help_text="Show only active Servers and Zones",
settings_key = 'show_active',
settings_default_value = False,
settings_set_value = True)
class SoaSerialUpdateCmdLineArg(BooleanCmdLineArg):
"""
Process soa-serial-update command Line setting
"""
def __init__(self):
BooleanCmdLineArg.__init__(self,
short_arg='u',
long_arg='soa-serial-update',
help_text="Force SOA Serial update",
settings_key = 'force_soa_serial_update',
settings_default_value = False,
settings_set_value = True)
class WsgiApiTestCmdLineArg(BooleanCmdLineArg):
"""
IncUpdates is turned on for zone load
"""
def __init__(self):
BooleanCmdLineArg.__init__(self, short_arg='D',
long_arg="wsgi-api-test",
help_text="Enable zone_tool test WSGI commands",
settings_key='wsgi_api_test_flag',
settings_default_value= False,
settings_set_value=True)
class ReferenceCmdLineArg(BaseCmdLineArg):
"""
Set reference used
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='r:',
long_arg="reference=",
help_text="Set the reference used")
settings['reference'] = None
def process_arg(self, process, value, *args, **kwargs):
"""
Set the default value of the reference used
"""
settings['reference'] = value
class SecTagCmdLineArg(BaseCmdLineArg):
"""
Set Security tag used
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='s:',
long_arg="sectag=",
help_text="Set the security tag used")
settings['sectag_label'] = None
def process_arg(self, process, value, *args, **kwargs):
"""
Set the default value of the security tag used
"""
settings['sectag_label'] = value
class SgCmdLineArg(BaseCmdLineArg):
"""
Set server group used
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='g:',
long_arg="server-group=",
help_text="Set the server group")
settings['default_sg'] = None
def process_arg(self, process, value, *args, **kwargs):
"""
Set the default SG
"""
settings['default_sg'] = value
class ReplicaSgCmdLineArg(BooleanCmdLineArg):
"""
SG is made the replica SG
"""
def __init__(self):
BooleanCmdLineArg.__init__(self, short_arg='p',
long_arg="replica-sg",
help_text="Set/Show the replica SG",
settings_key='replica_sg_flag',
settings_default_value= False,
settings_set_value=True)
class IncUpdatesCmdLineArg(BooleanCmdLineArg):
"""
IncUpdates is turned on for zone load
"""
def __init__(self):
BooleanCmdLineArg.__init__(self, short_arg='i',
long_arg="inc-updates",
help_text="Set inc_updates for loading zones",
settings_key='inc_updates_flag',
settings_default_value= False,
settings_set_value=True)
class OPingServersCmdLineArg(BooleanCmdLineArg):
"""
OPing is enabled for ls_server
"""
def __init__(self):
BooleanCmdLineArg.__init__(self, short_arg='j',
long_arg="oping-servers",
help_text="oping servers when listing them",
settings_key='oping_servers_flag',
settings_default_value= False,
settings_set_value=True)
class ZoneCmdLineArg(BaseCmdLineArg):
"""
Set the domain used in RR queries
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='n:',
long_arg="domain=",
help_text="Set domain used in RR queries")
settings['zone_name'] = None
class ZiCmdLineArg(BaseCmdLineArg):
"""
Set the ZI used in RR queries
"""
def __init__(self):
BaseCmdLineArg.__init__(self, short_arg='z:',
long_arg="zi=",
help_text="Set ZI used in RR queries")
settings['zi_id'] = None
def process_arg(self, process, value, *args, **kwargs):
"""
Set query_zone
"""
if value == '*':
settings['zi_id'] = 0
return
try:
settings['zi_id'] = int(value)
except ValueError as exc:
print(error_msg_wrapper.fill(str(exc)), file=sys.stderr)
sys.exit(os.EX_USAGE)
class ZoneTool(Process):
"""
Process Main Daemon class
"""
def __init__(self, *args, **kwargs):
Process.__init__(self, usage_message=USAGE_MESSAGE,
command_description=COMMAND_DESCRIPTION,
use_gnu_getopt=False,
*args, **kwargs)
self.cmdline_arg_list.append(ForceCmdCmdLineArg())
self.cmdline_arg_list.append(SecTagCmdLineArg())
self.cmdline_arg_list.append(ReplicaSgCmdLineArg())
self.cmdline_arg_list.append(IncUpdatesCmdLineArg())
self.cmdline_arg_list.append(OPingServersCmdLineArg())
self.cmdline_arg_list.append(OriginCmdLineArg())
self.cmdline_arg_list.append(SgCmdLineArg())
self.cmdline_arg_list.append(ReferenceCmdLineArg())
self.cmdline_arg_list.append(ShowAllCmdLineArg())
self.cmdline_arg_list.append(ShowActiveCmdLineArg())
self.cmdline_arg_list.append(SoaSerialUpdateCmdLineArg())
self.cmdline_arg_list.append(ZoneCmdLineArg())
self.cmdline_arg_list.append(ZiCmdLineArg())
self.cmdline_arg_list.append(WsgiApiTestCmdLineArg())
# Initialise command line environment
self.cmd = ZoneToolCmd()
self.argv_cmd = ''
# Set logging level to critical to stop too much feedback!
# Does not affect debug command line flag
settings['log_level'] = MAGLOG_CRITICAL
def usage_full(self, tty_file=sys.stdout):
"""
Full usage string
"""
super().usage_full(tty_file=tty_file)
self.cmd.do_help('', no_pager=True)
def parse_argv_left(self, argv_left):
"""
Handle any arguments left after processing all switches
Override in application if needed.
"""
if len(argv_left):
self.argv_cmd = ' '.join(argv_left)
def main_process(self):
"""Main process editzone
"""
global engine
global db_session
# Connect to database, intialise SQL Alchemy
setup_sqlalchemy()
db_session = sql_data['scoped_session_class']()
# Set up WSGI API test mode
self.cmd.init_wsgi_apt_test_mode()
# Create 'engine'
sectag_label = settings['sectag_label']
sectag_label = (sectag_label if sectag_label
else settings['admin_sectag'])
log_info('Using sectag_label: %s' % sectag_label)
try:
engine = CmdLineEngine(sectag_label=sectag_label)
except ZoneSecTagConfigError as exc:
print(error_msg_wrapper.fill(str(exc)), file=sys.stderr)
sys.exit(os.EX_USAGE)
if self.argv_cmd:
# Running as a command from shell
self.cmd.onecmd(self.argv_cmd)
sys.exit(self.cmd.exit_code)
elif sys.stdin and hasattr(sys.stdin, 'isatty') and sys.stdin.isatty():
# Running as a command shell attached to a tty
loop = True
while loop:
try:
self.cmd.cmdloop()
loop = False
except KeyboardInterrupt:
# Stop Welcome message
self.cmd.intro = ' '
pass
print('\n', file=sys.stdout)
sys.exit(os.EX_OK)
else:
# Running aattached to a pipe
self.cmd.intro = None
#self.cmd.indent = ''
self.cmd.cmdloop()
sys.exit(os.EX_OK)
if (__name__ is "__main__"):
exit_code = ZoneTool(sys.argv, len(sys.argv))
sys.exit(exit_code)
������������������������������������������������������������������������������������������������������dms-1.0.8.1/dms/auto_ptr_util.py��������������������������������������������������������������������0000664�0000000�0000000�00000003011�13227265140�0016466�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/usr/bin/env python3.2
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see |%s"'
% (rr_flag_lockptr, rr_flag_forcerev, rr_flag_trackrev,
rr_flag_disable, rr_flag_ref, rr_flag_rrop))
raise ParseFatalException(err.pstr, err.loc, msg, err.parserElement)
else:
raise err
def crrf_parse_action(s, loc, tokens):
if not tokens:
return
result = {'rr_flags': ' '.join(tokens)}
result['type'] = 'comment_rrflags'
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
return result
def crrfr_parse_action(tokens):
if not tokens:
return
return ''.join(tokens)
comment_rrflags_start = noWS(LineStart()) + noWS(Suppress(lo(Combine(comment_rrflags_leader))))
comment_rrflags_LOCKPTR = lo(Combine(rr_flag_lockptr))
comment_rrflags_FORCEREV = lo(Combine(rr_flag_forcerev))
comment_rrflags_TRACKREV = lo(Combine(rr_flag_trackrev))
comment_rrflags_DISABLE = lo(Combine(rr_flag_disable))
comment_rrflags_REF = lo(And([noWS(Combine(rr_flag_ref)), noWS(Word(refchars))]))
comment_rrflags_REF.setParseAction(crrfr_parse_action)
comment_rrflags_RROP = lo(And([noWS(Combine(rr_flag_rrop)), noWS(Word(rropchars))]))
comment_rrflags_RROP.setParseAction(crrfr_parse_action)
comment_rrflags_flags = lo(OneOrMore(lo(comment_rrflags_LOCKPTR|comment_rrflags_FORCEREV|comment_rrflags_TRACKREV|comment_rrflags_DISABLE|comment_rrflags_REF|comment_rrflags_RROP)))
comment_rrflags = comment_rrflags_start + comment_rrflags_flags + lo_line_end
comment_rrflags.setParseAction(crrf_parse_action)
comment_rrflags.setFailAction(rrflags_start_fail)
def rdata_fail_action(s, loc, expr, err):
# Deal with no Rdata
if (s[loc] == '\n' or s[loc:err.loc-1].strip() == ''):
msg = 'Expected RDATA'
raise ParseFatalException(err.pstr, err.loc-1, msg)
raise err
def rdata_parse_action(s, loc, tokens):
if zone_parser_testing:
return ' '.join(tokens)
rdata = {}
rdata['rdata'] = ' '.join(tokens)
rdata['pyparsing'] = {'s': s, 'loc': loc}
return rdata
rdata_end = LineEnd()
rdata_comment = lo(lo(Literal(';')) + lo(restOfLine))
rdata_word = lo(Or([dblQuotedString, lo(Word(rdatachars))]))
rdata_word_ml = dblQuotedString | Word(rdatachars)
rdata_1l = lo(And([lo(OneOrMore(rdata_word)), lo(Suppress(rdata_end))]))
rdata_ml = lo(And([lo(ZeroOrMore(rdata_word)), lo(o_paren + OneOrMore(rdata_word_ml) + c_paren), lo(ZeroOrMore(rdata_word)), lo(Suppress(rdata_end))]))
rdata = lo(Or([rdata_ml, rdata_1l]))
rdata.setParseAction(rdata_parse_action)
rdata.setFailAction(rdata_fail_action)
# Both of the following are to make parsing fail fatally in an RR, as they are
# uniquely identified by starting with '^blob.dot.com' or '^IN'
rr_re_label = re.compile('^[\-a-zA-Z0-9\._@]+\s+')
rr_re_blank = re.compile('^\s+')
def rr_lbl_fail(s, loc, expr, err):
if rr_re_label.search(s[loc:]):
raise ParseFatalException(err.pstr, err.loc, err.msg, err.parserElement)
else:
raise err
def rr_lbl_parse_action(s, loc, tokens):
global previous_label
previous_label = tokens[0][0]
return tokens
def rr_cont_fail(s, loc, expr, err):
if rr_re_blank.search(s[loc:]):
raise ParseFatalException(err.pstr, err.loc, err.msg, err.parserElement)
else:
raise err
def rr_cont_parse_action(s, loc, tokens):
if not previous_label:
raise ParseNoPreviousLabelException(s, loc,
"No previous label in file")
return tokens
def rr_label_parse_action(s, loc, tokens):
try:
thing = dns.name.from_text(tokens[0], None)
except:
raise ParseLabelException(s, loc, 'Invalid DNS Label')
if (tokens[0].find('@') >= 0 and len(tokens[0]) != 1):
raise ParseLabelException(s, loc, 'Invalid DNS Label')
if (tokens[0].find('-') == 0):
raise ParseLabelException(s, loc, 'Invalid DNS Label')
if (tokens[0].find('.-') >= 0):
raise ParseLabelException(s, loc, 'Invalid DNS Label')
return tokens
def rr_type_parse_action(s, loc, tokens):
if not tokens[0].upper() in rrtype_map.keys():
raise ParseTypeException(s, loc, "Unsupported RR type '%s'" % tokens[0])
return str(tokens[0])
def rr_class_parse_action(s, loc, tokens):
if tokens[0].upper() != 'IN':
raise ParseTypeException(s, loc, "Unsupported RR class '%s'" % tokens[0])
return str(tokens[0])
rr_label = noWS(Word(labelchars))
rr_label.setParseAction(rr_label_parse_action)
rr_type = lo(noWS(Word(alphanums)) + FollowedBy(blank))
rr_type.setParseAction(rr_type_parse_action)
rr_class = lo(noWS(lo(CaselessLiteral('IN')|CaselessLiteral('HS')|CaselessLiteral('CH'))) + FollowedBy(blank))
rr_class.setParseAction(rr_class_parse_action)
rr_ttl = lo(noWS(Regex(r'([0-9]+[wWdDhHmMsS]?){1,7}')) + FollowedBy(blank))
rr_ttl.setParseAction(lambda tokens : str(tokens[0]))
rr_lbl = (Group(noWS(LineStart()) + lo(rr_label.setResultsName('label') + lo(Optional(lo(rr_ttl.setResultsName('ttl') + rr_class.setResultsName('class'))|lo(rr_class.setResultsName('class') + rr_ttl.setResultsName('ttl'))|rr_ttl.setResultsName('ttl')|rr_class.setResultsName('class'))) + rr_type.setResultsName('type') + rdata.setResultsName('rdata').ignore(rdata_comment))))
rr_lbl.setFailAction(rr_lbl_fail)
rr_lbl.setParseAction(rr_lbl_parse_action)
# Had to leave lo() of the following And to let 'blank' be recognised
rr_cont = Group(noWS(LineStart()) + blank.setResultsName('blank') + lo(Optional(lo(rr_ttl.setResultsName('ttl') + rr_class.setResultsName('class'))|lo(rr_class.setResultsName('class') + rr_ttl.setResultsName('ttl'))|rr_ttl.setResultsName('ttl')|rr_class.setResultsName('class'))) + rr_type.setResultsName('type') + rdata.setResultsName('rdata').ignore(rdata_comment))
rr_cont.setFailAction(rr_cont_fail)
rr_cont.setParseAction(rr_cont_parse_action)
def cg_parse_action(tokens):
if not tokens:
return
result = {'comment': '\n'.join(tokens) + '\n'}
result['type'] = 'comment_group'
return result
comment_group_start = noWS(Suppress(noWS(Combine(comment_group_leader))))
comment_group_ln = lo(comment_group_start + comment_spc + comment_txt_ln + lo_line_end)
comment_group_blank = lo(comment_group_start + lo_line_end)
comment_group_blank.setParseAction(lambda tokens : '')
comment_group = lo(OneOrMore(lo(comment_group_ln|comment_group_blank)))
comment_group.setParseAction(cg_parse_action)
directive_comment = noWS(Regex(r';[\S \t]*'))
directive_line_end = lo(Suppress(LineEnd())).ignore(directive_comment)
def origin_parse_action(s, loc, tokens):
if not tokens:
return
result = {'origin': tokens[0][0]}
result['type'] = result['directive'] = '$ORIGIN'
if not zone_parser_testing:
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
return result
origin = Group(lo(Suppress(lo(Combine('$ORIGIN')))) + lo(Word(zonechars)) + directive_line_end)
origin.setParseAction(origin_parse_action)
def dollar_ttl_parse_action(s, loc, tokens):
if not tokens:
return
result = {'ttl': tokens[0][0]}
result['type'] = result['directive'] = '$TTL'
if not zone_parser_testing:
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
return result
dollar_ttl = Group(lo(Suppress(lo(Combine('$TTL')))) + lo(Word(ttlchars)) + directive_line_end)
dollar_ttl.setParseAction(dollar_ttl_parse_action)
def dollar_include_parse_action(s, loc, tokens):
if not tokens:
return
result = {'filename': tokens[0][0]}
if len(tokens[0]) > 1:
result['origin'] = tokens[0][1]
result['type'] = result['directive'] = '$INCLUDE'
if not zone_parser_testing:
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
return result
dollar_include = Group(lo(Suppress(lo(Combine('$INCLUDE')))) + lo(Word(printables)) +lo(Optional(lo(Word(zonechars)))) + directive_line_end)
dollar_include.setParseAction(dollar_include_parse_action)
def dollar_generate_parse_action(s, loc, tokens):
if not tokens:
return
result = {}
result['type'] = result['directive'] = '$GENERATE'
if not zone_parser_testing:
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
result['text'] = tokens[0][0]
return result
dollar_generate = Group(lo(Suppress(lo(Combine('$GENERATE')))) + comment_spc +comment_txt_ln + directive_line_end)
dollar_generate.setParseAction(dollar_generate_parse_action)
def dollar_update_type_parse_action(s, loc, tokens):
if not tokens:
return
result = {}
result['type'] = result['directive'] = '$UPDATE_TYPE'
if not zone_parser_testing:
result['rdata_pyparsing'] = {'s': s, 'loc': loc}
result['update_type'] = tokens[0][0]
return result
dollar_update_type = Group(lo(Suppress(lo(Combine('$UPDATE_TYPE')))) + lo(Word(updatetypechars)) + directive_line_end)
dollar_update_type.setParseAction(dollar_update_type_parse_action)
zone_parser = OneOrMore(origin|dollar_ttl|dollar_include|dollar_generate|dollar_update_type|comment_rr|comment_group|comment_rrflags|nullline|rr_lbl|rr_cont).ignore(comment)
# Uncommenting this makes debug painful..... we only
#
# from dms.zone_parser import zone_parser
#
# into where this grammar definition is used, and ignore all else.
# __all__ = ('zone_parser', )
# Test by using: from dms.zone_parser import *
# set_test_mode()
# zone_parser.parseString(, parseAll=True)
# where zone_parser can be replaced by other grammar elements
def init_test():
set_test_mode()
def do_all_tests(start=''):
for k in test.keys():
if (str(k) < str(start)):
continue
do_test(k)
input('>>> Press ')
def do_test(n):
print( 'test[%s] data:\n' % str(n) + test[n])
try:
print('Parse Output:\n' + repr(zone_parser.parseString(test[n],
parseAll=True)))
except ParseBaseException as exc:
print(str(exc))
rdata_test = {}
rdata_test[1] = "16 anathoth.net.\n"
rdata_test[2] = "ns1.anathoth.net. root.anathoth.net (\n 2011060900\n 600 600\n600 600\n )\n"
rdata_test[3] = '16 anathoth.net. "Something curly \" is here"\n'
test = {}
test[1] = "host IN A 192.168.23.4\n IN MX 16 anathoth.net.\n IN A 192.168.34.56\n"
test[2] = "host IN A 192.168.23.4\n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n"
test[3] = "host IN A 192.168.23.4\n IN SOA ns1.anathoth.net. root.anathoth.net. (\n 2011060800\n 600\n ) 600 600 600\n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n"
test[4] = "host IN A 192.168.23.4\n IN SOA ns1.anathoth.net. root.anathoth.net. (\n 2011060800\n 600\n 600 600 600 ) \n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n\nhost3 IN A 192.168.45.6\n"
test[5] = "host IN A 192.168.23.4\n IN SOA ns1.anathoth.net. root.anathoth.net. (\n 2011060800\n 600\n 600 600 600 );another comment\n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n\nhost3 600 A 192.168.45.6; another comment \n"
test[6] = ";# RR Comment 1\nhost IN A 192.168.23.4\n;# RRComment 3\n IN SOA ns1.anathoth.net. root.anathoth.net. (\n 2011060800\n 600\n 600 600 600 );another comment\n;# Stupid MX Record!\n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n\nhost3 600 A 192.168.45.6; another comment \n"
test[7] = ";# RR Comment 1\nhost IN A 192.168.23.4\n;# RRComment 3\n IN SOA ns1.anathoth.net. root.anathoth.net. (\n 2011060800\n 600\n 600 600 600 );another comment\n;# Stupid MX Record!\n IN MX 16 anathoth.net.\nhost2 IN A 192.168.34.56\n\n;|\n;| Test RR Group Comment\n;|\nhost3 600 A 192.168.45.6; another comment \n"
test[8] = ';|\n;| Test RR Group Comment\n;|\nhost3 600 A 192.168.45.6; another comment \n'
test[9] = ';|\n;|\n;| Test RR Group Comment\n;|\nhost3 600 A 192.168.45.6; another comment \n'
test[10] = ';| Some Silly Stuff\n;|\n;| Test RR Group Comment\n;|\nhost3 600 A 192.168.45.6; another comment \n'
test[11] = ';#\n;# Test RR Comment\n;#\nhost3 600 A 192.168.45.6; another comment \n'
test['11a'] = ';#\n;# Test RR Comment\n;# \nhost3 600 A 192.168.45.6; another comment \n'
test[12] = ';|\n;|\n;| Test RR Comment\n;# \nhost3 600 A 192.168.45.6; another comment \n'
test[13] = ';# Some Silly Stuff\n;# Blah\n;# Test RR Comment\n;# \nhost3 600 A 192.168.45.6; another comment \n'
test['13a'] = ';# Some Silly Stuff\n;#\n;# Test RR Comment\n;#\nhost3 600 A 192.168.45.6; another comment \n'
#
test[14] = '''
$TTL 99999
$ORIGIN anathoth.net.
; This is a comment
;|
;| Apex records for anathoth.net.
;|
@ IN SOA ( ns1 ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1
IN NS ns2
; This is a comment
;| Group Comment
;# Website Ip Address
@ IN A 203.79.116.183
ns1 IN A 203.79.116.183
ns2 IN A 210.5.55.246
;| Group Comment
;# Website Ip Address
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
;| Group Comment
;|
;#
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
'''
test['14a'] = '''
$TTL 99999
$ORIGIN anathoth.net.
;|
;| Apex records for anathoth.net.
;|
@ IN SOA ( ns1 ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1
IN NS ns2
; This is a comment
;| Group Comment
;# Website Ip Address
@ IN A 203.79.116.183
ns1 IN A 203.79.116.183
ns2 IN A 210.5.55.246
;| Group Comment
;# Website Ip Address
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
;| Group Comment
;|
;#
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
@ IN A 203.79.116.183
host1 IN A 203.79.116.183
host2 IN A 210.5.55.246
'''
test[15] = """
$TTL 600
$ORIGIN anathoth.net.
;|
;| Apex resource records for anathoth.net. I need a new pair of
;| binoculars for cyber-space dancing!!!
;|
@ 2*3 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1.anathoth.net.
IN NS ns2.anathoth.net.
IN NS ns3.anathoth.net.
;# Website Ip Address
@ IN A 203.79.116.183
host IN A 210.5.55.246
ns1 IN A 203.79.116.183
;# This is the 2nd name server. It is NOT running.
ns2 IN A 210.5.55.246
"""
test[16] = """@ 2*3 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
) \n"""
test[17] = """
$TTL 600
$ORIGIN anathoth.net.
;|
;| Apex resource records for anathoth.net. I need a new pair of
;| binoculars for cyber-space dancing!!!
;|
@ 23 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1.anathoth.net.
IN NS ns2.anathoth.net.
IN NS ns3.anathoth.net.
*
;# Website Ip Address
@ IN A 203.79.116.183
host IN A 210.5.55.246
ns1 IN A 203.79.116.183
;#3 This is the 2nd name server. It is NOT running.
ns2 IN A 210.5.55.246
"""
test[18] = """
$TTL 600
$ORIGIN anathoth.net.
;|
;| Apex resource records for anathoth.net. I need a new pair of
;| binoculars for cyber-space dancing!!!
;|
@ 23 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1.anathoth.net.
IN NS ns2.anathoth.net.
IN NS ns3.anathoth.net.
;# Website Ip Address
@ IN A 203.79.116.183
host IN A 210.5.55.246
ns1 IN A 203.79.116.183
;# This is the 2nd name server. It is NOT running.
ns2 I*N A 210.5.55.246
"""
test[19] = """
$TTL 600
$ORIGIN anathoth.net.
;|
;| Apex resource records for anathoth.net. I need a new pair of
;| binoculars for cyber-space dancing!!!
;|
@ 23 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
)
IN NS ns1.anathoth.net.
IN NS ns2.anathoth.net.
IN NS ns3.anathoth.net.
;# Website Ip Address
@ IN A 203.79.116.183
;!LOCKPTR
host IN A 210.5.55.246
ns1 IN A 203.79.116.183
;# This is the 2nd name server. It is NOT running.
;!FORCEREV DISABLE REF:Anathoth65
ns2 IN A 210.5.55.246
;!TRACKREV DISABLE REF:Anathoth65
ns3 IN A 210.5.55.247
;!RROP:DELETE
host12 IN ANY ""
"""
test[20] = """;!BLAH
@ 23 IN SOA ( ns1.anathoth.net. ;Master NS
matthewgrant5.gmail.com. ;RP email
2011052603 ;Serial yyyymmddnn
86400 ;Refresh
3600 ;Retry
604800 ;Expire
600 ;Minimum/Ncache
) \n"""
test[21] = """esxi-bay11.c7000-2-b3 IN A 172.16.15.33
; ==========================================================
; san infrastructure
; ==========================================================
spa.cx4-120 IN A 172.16.8.2
spb.cx4-120 IN A 172.16.8.3
;
cx4-120 IN A 172.16.8.2
IN A 172.16.8.3
;
vnxe IN A 172.16.8.4
nas.vnxe IN A 172.16.1.2
"""
test[22] = """esxi-bay11.c7000-2-b3 IN A 172.16.15.33
; ==========================================================
; san infrastructure
; ==========================================================
spa.cx4-120 IN A 172.16.8.2
spb.cx4-120 IN A 172.16.8.3
;
cx4-120 IN A 172.16.8.2
IN A 172.16.8.3
;
vnxe IN A 172.16.8.4
nas.vnxe IN A 172.16.1.2
"""
test[23] = """esxi-bay11.c7000-2-b3 IN A 172.16.15.33
; ==========================================================
; san infrastructure
; ==========================================================
spa.cx4-120 IN A 172.16.8.2
spb.cx4-120 IN A 172.16.8.3
;
cx4-120 IN A 172.16.8.2
IN A 172.16.8.3
;
vnxe IN A 172.16.8.4
nas.vnxe IN A 172.16.1.2
"""
test[24] = """;
vnxe IN A 172.16.8.4
"""
test[25] = """; -----------------------
; external mail relay servers
; -----------------------
emr.mail IN A 210.5.49.130
; -----------------------
; directory services
; -----------------------
; load balancing address
ldap.dir IN 300 A 210.5.49.18
IN 300 A 210.5.49.19
; offical server names
master.dir IN 300 A 210.5.49.18
replica.dir IN 300 A 210.5.49.19
; -----------------------
; isx manager
; -----------------------
manager IN A 210.5.49.2
"""
test[26] = """; -----------------------
; external mail relay servers
; -----------------------
emr.mail IN A 210.5.49.130
; -----------------------
; directory services
; -----------------------
; load balancing address
ldap.dir 300 IN A 210.5.49.18
300 IN A 210.5.49.19
; offical server names
master.dir 300 IN A 210.5.49.18
replica.dir 300 IN A 210.5.49.19
; -----------------------
; isx manager
; -----------------------
manager IN A 210.5.49.2
"""
test[28] = """$TTL 24h;
; BIND version named 8.2.2-P5 Fri Mar 17 00:16:04 NZDT 2000
; BIND version root@isx-1.foo.bar.net.nz:/root/bind.8.2.2-P5/src/bin/named
; zone 'foo.bar-test21332.co.nz' first transfer
; from 210.55.4.13:53 (local 210.55.4.10) using AXFR at Sun Dec 24 00:45:45 2000
$ORIGIN co.nz.
foo.bar-test21332 3600 IN SOA drs.registerdirect.net.nz. hostmaster.registerdirect.net.nz. (
2000122401 3600 900 604800 3600 )
3600 IN NS ns1.blah.net.NZ.
3600 IN NS ns2.blah.net.NZ.
3600 IN A 210.55.4.14
3600 IN MX 10 mta.blah.net.NZ.
$ORIGIN foo.bar-test21332.CO.NZ.
www 3600 IN CNAME foo.bar-test21332.CO.NZ.
$INCLUDE /etc/passwd
$INCLUDE /etc/passwd thing.thing.
$GENERATE blah blah blah
$UPDATE_TYPE OxyPoxyBANG12
"""
test[29] = """internal.anathoth.net. IN DS 18174 7 2 C42492DB9DEF5CA9403D26F175247DFE86D913DA4BEDFC7D629F5E57 D6669FEB
"""
test[30] = """_443._tcp.mx.anathoth.net IN TLSA 1 1 573F1CA26AF1A8B04F87DAD9200F87D886C66E7781A528E9FBD564C8C82BA4A8
"""
���������������������������������������������������������������������������������������������dms-1.0.8.1/dms/zone_text_util.py�������������������������������������������������������������������0000664�0000000�0000000�00000054447�13227265140�0016673�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!usr/bin/env python3.2
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see " 1>&2
echo 1>&2
echo " Can only be run as root" 1>&2
echo 1>&2
exit 1
}
if [ $# -ne 1 -o "$1" = '-h' ]; then
usage
fi
#
# bail out if we are not root
if [ "`id -un`" != "root" ] ; then
echo 1>&2
echo " `basename $0`: you must be root to run this command." 1>&2
echo 1>&2
exit 1
fi
DOMAIN=`echo "$1" | perl -pe 's/^(\S+)\.$/\1/'`
set -e
# Random device
RAND_DEV="/dev/random"
#RAND_DEV="/dev/ttyS1"
# For Debian
NAMEDB_DIR="/var/lib/bind"
# For FreeBSD
#NAMEDB_DIR="/etc/namedb"
cd $NAMEDB_DIR
set -x
rm -f ${NAMEDB_DIR}/keys/K${DOMAIN}.*
rm -f ${NAMEDB_DIR}/ds/${DOMAIN}
dnssec-keygen -3 -r $RAND_DEV -f KSK -K "${NAMEDB_DIR}/keys" "$DOMAIN"
dnssec-dsfromkey -2 ${NAMEDB_DIR}/keys/K${DOMAIN}.*.key > "$NAMEDB_DIR/ds/${DOMAIN}"
dnssec-keygen -3 -r $RAND_DEV -K "${NAMEDB_DIR}/keys" "${DOMAIN}"
set +x
chown bind:dmsdmd $NAMEDB_DIR/keys/*
chmod 640 $NAMEDB_DIR/keys/*.private
# Force rsync of keys if zone not created yet.
if [ -e "$NAMEDB_DIR/dynamic/${DOMAIN}" ]; then
zone_tool reconfig_replica_sg
fi
�������������������������������������������������������dms-1.0.8.1/dns-recreateds��������������������������������������������������������������������������0000775�0000000�0000000�00000003403�13227265140�0015275�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/bash
#
# Copyright (c) Net24 Limited, Christchurch, New Zealand 2011-2012
# and Voyager Internet Ltd, New Zealand, 2012-2013
#
# This file is part of py-magcode-core.
#
# Py-magcode-core is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Py-magcode-core is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with py-magcode-core. If not, see |<*>" 1>&2
echo 1>&2
echo " Can only be run as root" 1>&2
echo 1>&2
exit 1
}
do_de_ds () {
dnssec-dsfromkey -2 $1 > "${NAMEDB_DIR}/ds/${2}";
}
set -e
if [ $# -ne 1 -o "$1" = '-h' ]; then
usage
fi
#
# bail out if we are not root
if [ "`id -un`" != "root" ] ; then
echo 1>&2
echo " `basename $0`: you must be root to run this command." 1>&2
echo 1>&2
exit 1
fi
if [ "$1" != "*" ]; then
DOMAIN=`echo "$1" | perl -pe 's/^(\S+)\.$/\1/'`
else
DOMAIN='*'
fi
# For Debian
NAMEDB_DIR="/var/lib/bind"
# For FreeBSD
#NAMEDB_DIR="/etc/namedb"
cd $NAMEDB_DIR
for K in ${NAMEDB_DIR}/keys/K${DOMAIN}*.key; do
if ! grep -q 'IN[[:space:]]\+DNSKEY[[:space:]]\+257' "${K}"; then
# Only create DS records for KSK key files
continue
fi
set -x
dnssec-dsfromkey -2 "$K" > "$NAMEDB_DIR/ds/${DOMAIN}";
set +x
done
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/doc/������������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13227265140�0013211�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/doc/.gitignore��������������������������������������������������������������������������0000664�0000000�0000000�00000000072�13227265140�0015200�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# pgdesigner file backups
*.ini.bak
*snapshot.ini
.~lock*
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/doc/Administration_Procedures.rst�������������������������������������������������������0000664�0000000�0000000�00000126004�13227265140�0021126�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������.. _Administration-Procedures:
***************************
Administration Procedures
***************************
.. _Adding-a-DNS-Slave-to-DMS:
Adding a DNS Slave to DMS
=========================
Please refer to the Debian Install Documentation, :ref:`Setting-up-a-Slave-Server`
.. _Break-Fix-Scenarios:
Break Fix Scenarios
===================
.. _Log-and-Configuration-Files:
Log and Configuration Files
---------------------------
The following are detailed elsewhere in the documentation
====================================== ==================================================
:file:`/var/log/dms/dmsdmd.log\*` :command:`dmsdmd` logs
:file:`/var/log/local7.log` DMS named logs
:file:`/var/log/syslog` Basically everything
:file:`/etc/dms/dms.conf` :command:`dmsdmd`, WSGI and :command:`zone_tool` configuration file
:file:`/etc/dms` Various passwords, templates and things
====================================== ==================================================
See :ref:`Named.conf and Zone Templating ` for more details.
.. _Checking-DMS-Status:
Checking DMS Status
-------------------
#) Check that :command:`named`, :command:`postgres`, and :command:`dmsdmd` are running on the master.
#) Using :command:`zone_tool show_dms_status` on master server::
zone_tool > show_dms_status
show_master_status:
MASTER_SERVER: dms-akl
NAMED master configuration state:
hold_sg: HOLD_SG_NONE
hold_sg_name: None
hold_start: Wed Nov 7 16:52:36 2012
hold_stop: Wed Nov 7 17:02:36 2012
replica_sg_name: vygr-replica
state: HOLD
show_replica_sg:
sg_name: vygr-replica
config_dir: /etc/net24/server-config-templates
master_address: 2406:1e00:1001:1::2
master_alt_address: 2406:3e00:1001:1::2
replica_sg: True
zone_count: 37
Replica SG named status:
dms-chc 2406:3e00:1001:1::2
OK
ls_server:
dms-akl Wed Nov 7 16:52:46 2012 OK
2406:1e00:1001:1::2 None
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-chc Wed Nov 7 16:52:46 2012 OK
2406:3e00:1001:1::2 210.5.48.242
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-s1-akl Wed Nov 7 16:31:04 2012 RETRY
2406:1e00:1001:2::2 103.4.136.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
retry_msg:
Server 'dms-s1-akl': SOA query - timeout waiting for
response, retrying
dms-s1-chc Wed Nov 7 16:52:46 2012 OK
2406:3e00:1001:2::2 210.5.48.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
list_pending_events:
ServerSMConfigure dms-s1-akl Wed Nov 7 16:57:22
2012
ServerSMCheckServer dms-chc Wed Nov 7 16:53:55
2012
ServerSMCheckServer dms-akl Wed Nov 7 16:55:46
2012
ServerSMCheckServer dms-s1-chc Wed Nov 7 16:57:06
2012
MasterSMHoldTimeout Wed Nov 7 17:02:36
2012
zone_tool >
* Check Master server name, that machine is actually the master.
* Check master state, ``HOLD`` means named reconfigured in the last 10
minutes.
* All servers shown at bottom should be in ``OK`` or ``CONFIG`` states,
staying in ``RETRY`` or ``BROKEN`` means server may not be contactable.
``RETRY`` or ``BROKEN`` states should also have a ``retry_msg:`` field
giving the associated log message.
* :command:`list_pending_events` shows events that have to be processed.
* Any events that are scheduled in the past may indicate :command:`dmsdmd` having
serious problems.
.. _Failing-Over-as-Master-Server-has-Burned-(or-Subject-to-EQC-Claim):
Failing Over as Master Server has Burned (or Subject to EQC Claim)
------------------------------------------------------------------
On the Replica::
dms-chc: -root- [~]
# dms_promote_replica
+ perl -pe s/^#(\s*local7.* :ompgsql:\S+,dms,rsyslog,.*$)/\1/ -i
/etc/rsyslog.d/pgsql.conf
+ set +x
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.
+ perl -pe s/^NET24DMD_ENABLE=.*$/NET24DMD_ENABLE=true/ -i
/etc/default/net24dmd
+ perl -pe s/^OPTIONS=.*$/OPTIONS="-u bind"/ -i /etc/default/bind9
+ set +x
[....] Stopping domain name service...: bind9waiting for pid 8744 to die
. ok
[ ok ] Starting domain name service...: bind9.
[ ok ] Starting net24dmd: net24dmd.
+ zone_tool write_rndc_conf
+ zone_tool reconfig_all
+ perl -pe s/^#+(.*zone_tool vacuum_all)$/\1/ -i /etc/cron.d/dms-core
+ do_dms_wsgi
+ return 0
+ perl -pe s/^(\s*exit\s+0.*$)/#\1/ -i /etc/default/apache2
+ set +x
[ ok ] Starting web server: apache2.
dms-chc: -root- [~]
#
Wait till servers started, and then use :command:`zone_tool show_dms_status` to
check that everything becomes OK. This may take 15 minutes. The section about
:command:`ls_pending_events` will give scheduled times for servers to become
configured.
::
dms-chc: -root- [~]
# zone_tool show_dms_status
show_master_status:
MASTER_SERVER: dms-chc
NAMED master configuration state:
hold_sg: HOLD_SG_NONE
hold_sg_name: None
hold_start: Fri Nov 9 08:30:49 2012
hold_stop: Fri Nov 9 08:40:49 2012
replica_sg_name: vygr-replica
state: HOLD
show_replica_sg:
sg_name: vygr-replica
config_dir: /etc/net24/server-config-templates
master_address: 2406:1e00:1001:1::2
master_alt_address: 2406:3e00:1001:1::2
replica_sg: True
zone_count: 37
Replica SG named status:
dms-akl 2406:1e00:1001:1::2
RETRY
ls_server:
dms-akl Fri Nov 9 08:23:08 2012 RETRY
2406:1e00:1001:1::2 None
ping: 5 packets transmitted, 5 received, 0.00% packet loss
retry_msg:
Server 'dms-akl': SOA query - timeout waiting for response,
retrying
dms-chc Fri Nov 9 08:30:58 2012 OK
2406:3e00:1001:1::2 210.5.48.242
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-s1-akl Fri Nov 9 08:30:58 2012 OK
2406:1e00:1001:2::2 103.4.136.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-s1-chc Fri Nov 9 08:30:58 2012 OK
2406:3e00:1001:2::2 210.5.48.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
list_pending_events:
ServerSMCheckServer dms-chc Fri Nov 9 08:39:53
2012
MasterSMHoldTimeout Fri Nov 9 08:40:49
2012
ServerSMCheckServer dms-s1-chc Fri Nov 9 08:40:08
2012
ServerSMCheckServer dms-s1-akl Fri Nov 9 08:36:01
2012
ServerSMConfigure dms-akl Fri Nov 9 08:50:17
2012
dms-chc: -root- [~]
#
A new replica will need to be installed as per :ref:`DMS Master Server
Install`
.. _Stuck-Zone-not-Propagating:
Stuck Zone not Propagating
--------------------------
::
zone_tool > show_zonesm wham-blam.org
name: wham-blam.org.
alt_sg_name: None
auto_dnssec: False
ctime: Thu Aug 23 10:51:14 2012
deleted_start: None
edit_lock: True
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
locked_at: None
locked_by: None
mtime: Thu Aug 23 10:51:14 2012
nsec3: True
reference: nutty-nutty@ANATHOTH-NET
sg_name: anathoth-internal
soa_serial: 2012091400
state: UNCONFIG
use_apex_ns: True
zi_candidate_id: 102880
zi_id: 102880
zone_id: 101448
zone_type: DynDNSZoneSM
zi_id: 102880
change_by: grantma@shalom-ext.internal.anathoth.net/Admin
ctime: Fri Sep 14 10:55:59 2012
mtime: Fri Sep 14 11:12:10 2012
ptime: Fri Sep 14 11:12:10 2012
soa_expire: 7d
soa_minimum: 600
soa_mname: ns1.internal.anathoth.net.
soa_refresh: 24h
soa_retry: 900
soa_rname: matthewgrant5.gmail.com.
soa_serial: 2012091400
soa_ttl: None
zone_id: 101448
zone_ttl: 24h
Maybe as above. Can be caused by:
* Failed events (manually failed or otherwise, Events queue deleted in
DB, permissions problems as follows)
* Permissions problems on the master server on the
:file:`/var/lib/bind/dynamic` directory - should be::
# ls -ld /var/lib/bind/dynamic/
drwxrwsr-x 2 bind dmsdmd 487424 Nov 9 08:47 /var/lib/bind/dynamic/
Do a :command:`reset_zonesm wham-blam.org`, (noting y/N and :abbr:`DNSSEC`
:abbr:`RRSIGs` being destroyed)::
zone_tool > reset_zonesm wham-blam.org.
*** WARNING - doing this destroys DNSSEC RRSIG data.
*** Do really you wish to do this?
--y/[N]> y
zone_tool >
And check again::
zone_tool > show_zonesm wham-blam.org
name: wham-blam.org.
alt_sg_name: None
auto_dnssec: False
ctime: Thu Aug 23 10:51:14 2012
deleted_start: None
edit_lock: True
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
locked_at: None
locked_by: None
mtime: Thu Aug 23 10:51:14 2012
nsec3: True
reference: nutty-nutty@ANATHOTH-NET
sg_name: anathoth-internal
soa_serial: 2012091400
state: RESET
use_apex_ns: True
zi_candidate_id: 102880
zi_id: 102880
zone_id: 101448
zone_type: DynDNSZoneSM
zi_id: 102880
change_by: grantma@shalom-ext.internal.anathoth.net/Admin
ctime: Fri Sep 14 10:55:59 2012
mtime: Fri Sep 14 11:12:10 2012
ptime: Fri Sep 14 11:12:10 2012
soa_expire: 7d
soa_minimum: 600
soa_mname: ns1.internal.anathoth.net.
soa_refresh: 24h
soa_retry: 900
soa_rname: matthewgrant5.gmail.com.
soa_serial: 2012091400
soa_ttl: None
zone_id: 101448
zone_ttl: 24h
And then use :command:`show_zonesm` to check that zone state goes to
``PUBLISHED`` within 15 minutes. :command:`ls_pending_events` may also be
useful, as it will show the events to do with the zone being published.
::
show_zonesm wham-blam.org
name: wham-blam.org.
alt_sg_name: None
auto_dnssec: False
ctime: Thu Aug 23 10:51:14 2012
deleted_start: None
edit_lock: True
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
locked_at: None
locked_by: None
mtime: Thu Aug 23 10:51:14 2012
nsec3: True
reference: nutty-nutty@ANATHOTH-NET
sg_name: anathoth-internal
soa_serial: 2012091400
state: RESET
use_apex_ns: True
zi_candidate_id: 102880
zi_id: 102880
zone_id: 101448
zone_type: DynDNSZoneSM
zi_id: 102880
change_by: grantma@shalom-ext.internal.anathoth.net/Admin
ctime: Fri Sep 14 10:55:59 2012
mtime: Fri Sep 14 11:12:10 2012
ptime: Fri Sep 14 11:12:10 2012
soa_expire: 7d
soa_minimum: 600
soa_mname: ns1.internal.anathoth.net.
soa_refresh: 24h
soa_retry: 900
soa_rname: matthewgrant5.gmail.com.
soa_serial: 2012091400
soa_ttl: None
zone_id: 101448
zone_ttl: 24h
zone_tool > ls_pending_events
ServerSMCheckServer shalom Fri Nov 9 08:50:35
2012
ServerSMCheckServer shalom-ext Fri Nov 9 08:50:40
2012
ServerSMCheckServer shalom-dr Fri Nov 9 08:50:46
2012
ServerSMCheckServer dns-slave1 Fri Nov 9 08:50:53
2012
ServerSMConfigure en-gedi-auth Fri Nov 9 08:55:31
2012
ZoneSMConfig wham-blam.org. Fri Nov 9 08:47:07
2012
MasterSMHoldTimeout Fri Nov 9 08:56:52
2012
ServerSMCheckServer dns-slave0 Fri Nov 9 08:54:29
2012
zone_tool > show_zonesm wham-blam.org
name: wham-blam.org.
alt_sg_name: None
auto_dnssec: False
ctime: Thu Aug 23 10:51:14 2012
deleted_start: None
edit_lock: True
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
locked_at: None
locked_by: None
mtime: Thu Aug 23 10:51:14 2012
nsec3: True
reference: nutty-nutty@ANATHOTH-NET
sg_name: anathoth-internal
soa_serial: 2012091400
state: UNCONFIG
use_apex_ns: True
zi_candidate_id: 102880
zi_id: 102880
zone_id: 101448
zone_type: DynDNSZoneSM
zi_id: 102880
change_by: grantma@shalom-ext.internal.anathoth.net/Admin
ctime: Fri Sep 14 10:55:59 2012
mtime: Fri Sep 14 11:12:10 2012
ptime: Fri Sep 14 11:12:10 2012
soa_expire: 7d
soa_minimum: 600
soa_mname: ns1.internal.anathoth.net.
soa_refresh: 24h
soa_retry: 900
soa_rname: matthewgrant5.gmail.com.
soa_serial: 2012091400
soa_ttl: None
zone_id: 101448
zone_ttl: 24h
zone_tool > ls_pending_events
ServerSMCheckServer shalom Fri Nov 9 08:50:35
2012
ServerSMCheckServer shalom-ext Fri Nov 9 08:50:40
2012
ServerSMCheckServer shalom-dr Fri Nov 9 08:50:46
2012
ServerSMCheckServer dns-slave1 Fri Nov 9 08:50:53
2012
ServerSMConfigure en-gedi-auth Fri Nov 9 08:55:31
2012
MasterSMHoldTimeout Fri Nov 9 08:56:52
2012
ServerSMCheckServer dns-slave0 Fri Nov 9 08:54:29
2012
ZoneSMReconfigUpdate wham-blam.org. Fri Nov 9 08:57:10
2012
zone_tool > ls_pending_events
ServerSMCheckServer shalom-ext Fri Nov 9 09:00:25
2012
ServerSMCheckServer shalom-dr Fri Nov 9 09:00:44
2012
ServerSMCheckServer dns-slave0 Fri Nov 9 09:01:25
2012
ServerSMCheckServer dns-slave1 Fri Nov 9 09:02:11
2012
ServerSMConfigure en-gedi-auth Fri Nov 9 09:06:15
2012
MasterSMHoldTimeout Fri Nov 9 09:06:57
2012
ServerSMCheckServer shalom Fri Nov 9 09:05:11
2012
zone_tool > show_zonesm wham-blam.org
name: wham-blam.org.
alt_sg_name: None
auto_dnssec: False
ctime: Thu Aug 23 10:51:14 2012
deleted_start: None
edit_lock: True
edit_lock_token: None
inc_updates: False
lock_state: EDIT_UNLOCK
locked_at: None
locked_by: None
mtime: Thu Aug 23 10:51:14 2012
nsec3: True
reference: nutty-nutty@ANATHOTH-NET
sg_name: anathoth-internal
soa_serial: 2012091400
state: PUBLISHED
use_apex_ns: True
zi_candidate_id: 102880
zi_id: 102880
zone_id: 101448
zone_type: DynDNSZoneSM
zi_id: 102880
change_by: grantma@shalom-ext.internal.anathoth.net/Admin
ctime: Fri Sep 14 10:55:59 2012
mtime: Fri Nov 9 08:57:13 2012
ptime: Fri Nov 9 08:57:13 2012
soa_expire: 7d
soa_minimum: 600
soa_mname: ns1.internal.anathoth.net.
soa_refresh: 24h
soa_retry: 900
soa_rname: matthewgrant5.gmail.com.
soa_serial: 2012091400
soa_ttl: None
zone_id: 101448
zone_ttl: 24h
zone_tool >
.. _MasterSM-Stuck,-New-Zones-not-Being-Created:
MasterSM Stuck, New Zones not Being Created
-------------------------------------------
Can be caused by:
* Failed ``MasterSMHoldTimeout`` events (manually failed or otherwise,
Events queue deleted in DB etc)
* Permissions problems on the master server on the
:file:`/etc/bind/master-config directory` - Should be ``2755
dmsdmd:bind``::
shalom-ext: -grantma- [~]
$ ls -ld /etc/bind/master-config
drwxr-sr-x 2 net24dmd bind 4096 Nov 9 08:56 /etc/bind/master-config
This shows up in :command:`zone_tool show_dms_status`::
zone_tool > show_dms_status
show_master_status:
MASTER_SERVER: dms-akl
NAMED master configuration state:
hold_sg: HOLD_SG_NONE
hold_sg_name: None
hold_start: Wed Nov 7 16:52:36 2012
hold_stop: Wed Nov 7 17:02:36 2012
replica_sg_name: vygr-replica
state: HOLD
show_replica_sg:
sg_name: vygr-replica
config_dir: /etc/net24/server-config-templates
master_address: 2406:1e00:1001:1::2
master_alt_address: 2406:3e00:1001:1::2
replica_sg: True
zone_count: 37
Replica SG named status:
dms-chc 2406:3e00:1001:1::2
OK
ls_server:
dms-akl Wed Nov 7 16:52:46 2012 OK
2406:1e00:1001:1::2 None
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-chc Wed Nov 7 16:52:46 2012 OK
2406:3e00:1001:1::2 210.5.48.242
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dms-s1-akl Wed Nov 7 16:31:04 2012 RETRY
2406:1e00:1001:2::2 103.4.136.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
retry_msg:
Server 'dms-s1-akl': SOA query - timeout waiting for
response, retrying
dms-s1-chc Wed Nov 7 16:52:46 2012 OK
2406:3e00:1001:2::2 210.5.48.226
ping: 5 packets transmitted, 5 received, 0.00% packet loss
list_pending_events:
ServerSMConfigure dms-s1-akl Wed Nov 7 16:57:22
2012
ServerSMCheckServer dms-chc Wed Nov 7 16:53:55
2012
ServerSMCheckServer dms-akl Wed Nov 7 16:55:46
2012
ServerSMCheckServer dms-s1-chc Wed Nov 7 16:57:06
2012
zone_tool > exit
dms-akl: -root- [~]
# date
Wed Nov 7 16:54:42 NZDT 2012
Key things to look for:
* master status section shows ``hold_start`` and ``hold_stop`` being in the past
* there is no ``MasterSMHoldTimeout`` event
.. note::
The MasterSM state machine forward posts the MasterSMHoldTimeout event when entering the
HOLD state. If it does not get created or disappears or fails due to unforeseen events with
outages etc, the MasterSM will end up stuck as above.
The fix is to do :command:`zone_tool reset_master`. This will reset the ``MasterSM`` state machine.
.. _Stuck-ServerSM:
Stuck ServerSM
--------------
Just like the ``Master`` state machine getting stuck because of a missing
``MasterSMHoldTimeout event``, Server :abbr:`SMs` can end up being stuck in the
``CONFIG``, ``RETRY`` or ``BROKEN`` states due to missing events. There will be
missing ``ServerSMConfigure`` events for the server in the
:command:`ls_pending_events` output::
zone_tool > show_dms_status
show_master_status:
MASTER_SERVER: shalom-ext
NAMED master configuration state:
hold_sg: HOLD_SG_NONE
hold_sg_name: None
hold_start: None
hold_stop: None
replica_sg_name: anathoth-replica
state: READY
show_replica_sg:
sg_name: anathoth-replica
config_dir: /etc/bind/anathoth-master
master_address: 2001:470:f012:2::2
master_alt_address: 2001:470:f012:2::3
replica_sg: True
zone_count: 14
Replica SG named status:
shalom-dr 2001:470:f012:2::3
OK
ls_server:
dns-slave0 Fri Nov 9 09:56:48 2012 OK
2001:470:c:110e::2 111.65.238.10
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dns-slave1 Fri Nov 9 09:56:38 2012 OK
2001:470:66:23::2 111.65.238.11
ping: 5 packets transmitted, 5 received, 0.00% packet loss
en-gedi-auth Thu Nov 8 18:01:07 2012 RETRY
fd14:828:ba69:6:5054:ff:fe39:54f9 172.31.12.2
ping: 5 packets transmitted, 0 received, 100.00% packet loss
retry_msg:
Server 'en-gedi-auth': failed to rsync include files,
Command '['rsync', '--quiet', '-av', '--password-file',
'/etc/net24/rsync-dnsconf-password', '/var/lib/net24/dms-sg
/anathoth-internal/',
'dnsconf@[fd14:828:ba69:6:5054:ff:fe39:54f9]::dnsconf/']'
returned non-zero exit status 10, rsync: failed to connect
to fd14:828:ba69:6:5054:ff:fe39:54f9
(fd14:828:ba69:6:5054:ff:fe39:54f9): Connection timed out
(110), rsync error: error in socket IO (code 10) at
clientserver.c(122) [sender=3.0.9]
shalom Fri Nov 9 09:56:19 2012 OK
fd14:828:ba69:1:21c:f0ff:fefa:f3c0 192.168.110.1
ping: 5 packets transmitted, 5 received, 0.00% packet loss
shalom-dr Fri Nov 9 09:56:56 2012 OK
2001:470:f012:2::3 172.31.10.4
ping: 5 packets transmitted, 5 received, 0.00% packet loss
shalom-ext Fri Nov 9 09:58:21 2012 OK
2001:470:f012:2::2 172.31.10.2
ping: 5 packets transmitted, 5 received, 0.00% packet loss
list_pending_events:
ServerSMCheckServer shalom Fri Nov 9 10:01:43 2012
ServerSMCheckServer dns-slave1 Fri Nov 9 10:01:55 2012
ServerSMCheckServer dns-slave0 Fri Nov 9 10:03:17 2012
ServerSMCheckServer shalom-dr Fri Nov 9 10:05:25 2012
ServerSMCheckServer shalom-ext Fri Nov 9 10:04:49 2012
zone_tool >
.. note::
Above, the ``ls_server`` section of ``show_dms_status`` displays the
reason for going to ``RETRY`` or ``BROKEN`` in the displayed
``retry_msg`` field.
The fix, :command:`reset_server` the server, and use :command:`ls_pending_events` to check an
``ServerSMConfigure`` event is created::
zone_tool > reset_server en-gedi-auth
zone_tool > ls_pending_events
ServerSMCheckServer shalom Fri Nov 9 12:11:17 2012
ServerSMCheckServer shalom-ext Fri Nov 9 12:11:47 2012
ServerSMCheckServer en-gedi-auth Fri Nov 9 12:14:57 2012
ServerSMCheckServer dns-slave0 Fri Nov 9 12:18:02 2012
ServerSMCheckServer shalom-dr Fri Nov 9 12:15:09 2012
ServerSMCheckServer dns-slave1 Fri Nov 9 12:19:08 2012
ServerSMConfigure en-gedi-auth Fri Nov 9 12:10:39 2012
zone_tool >
Wait until the scheduled time posted for ``ServerSMConfigure``, and then do a
:command:`zone_tool show_dms_status` to make sure everything is going::
zone_tool > show_dms_status
show_master_status:
MASTER_SERVER: shalom-ext
NAMED master configuration state:
hold_sg: HOLD_SG_NONE
hold_sg_name: None
hold_start: None
hold_stop: None
replica_sg_name: anathoth-replica
state: READY
show_replica_sg:
sg_name: anathoth-replica
config_dir: /etc/bind/anathoth-master
master_address: 2001:470:f012:2::2
master_alt_address: 2001:470:f012:2::3
replica_sg: True
zone_count: 14
Replica SG named status:
shalom-dr 2001:470:f012:2::3
OK
ls_server:
dns-slave0 Fri Nov 9 12:08:29 2012 OK
2001:470:c:110e::2 111.65.238.10
ping: 5 packets transmitted, 5 received, 0.00% packet loss
dns-slave1 Fri Nov 9 12:10:19 2012 OK
2001:470:66:23::2 111.65.238.11
ping: 5 packets transmitted, 5 received, 0.00% packet loss
en-gedi-auth Fri Nov 9 12:10:43 2012 OK
fd14:828:ba69:6:5054:ff:fe39:54f9 172.31.12.2
ping: 5 packets transmitted, 5 received, 0.00% packet loss
shalom Fri Nov 9 12:11:19 2012 OK
fd14:828:ba69:1:21c:f0ff:fefa:f3c0 192.168.110.1
ping: 5 packets transmitted, 5 received, 0.00% packet loss
shalom-dr Fri Nov 9 12:09:44 2012 OK
2001:470:f012:2::3 172.31.10.4
ping: 5 packets transmitted, 5 received, 0.00% packet loss
shalom-ext Fri Nov 9 12:11:47 2012 OK
2001:470:f012:2::2 172.31.10.2
ping: 5 packets transmitted, 5 received, 0.00% packet loss
list_pending_events:
ServerSMCheckServer en-gedi-auth Fri Nov 9 12:14:57 2012
ServerSMCheckServer dns-slave0 Fri Nov 9 12:18:02 2012
ServerSMCheckServer shalom-dr Fri Nov 9 12:15:09 2012
ServerSMCheckServer dns-slave1 Fri Nov 9 12:19:08 2012
ServerSMCheckServer shalom Fri Nov 9 12:17:44 2012
ServerSMCheckServer shalom-ext Fri Nov 9 12:17:31 2012
zone_tool >
.. _Rebuilding-named-data-from-database:
Rebuilding named data from database
-----------------------------------
The named dynamic data in :file:`/var/lib/bind/dynamic` is corrupt, or missing
#. Stop :command:`named` and :command:`dmsdmd`::
root@dms3-master:~# service bind9 stop
[....] Stopping domain name service...: bind9waiting for pid 15462 to die
. ok
root@dms3-master:~# service net24dmd stop
[ ok ] Stopping net24dmd: net24dmd.
#. Check :file:`/var/lib/dms/master_config` and :file:`/var/lib/bind/dynamic` permissions.
:file:`/var/lib/dms/master-config`, should be ``2755 dmsdmd:bind``::
root@dms3-master:~# ls -ld /var/lib/dms/master-config/
drwxr-sr-x 2 dmsdmd bind 4096 Nov 9 12:39 /var/lib/dms/master-config/
root@dms3-master:~#
:file:`/var/lib/bind/dynamic`, should be ``2775 bind:dmsdmd``::
root@dms3-master:~# ls -ld /var/lib/bind/dynamic
drwxrwsr-x 2 bind dmsdmd 1683456 Nov 9 12:39 /var/lib/bind/dynamic
root@dms3-master:~#
#. Clear any files from :file:`/var/lib/bind/dynamic` if needed::
root@dms3-master:~# rm -rf /var/lib/bind/dynamic/*
root@dms3-master:~#
#. Run the restore process which recreates :file:`/etc/bind/master-config/` contents, and recreates contents of
:file:`/var/lib/bind/dynamic`. This may take some time. 40000 zones takes 20 - 30 minutes.
::
root@dms3-master:~# zone_tool restore_named_db
*** WARNING - doing this destroys DNSSEC RRSIG data. It is a last
resort in DR recovery.
*** Do really you wish to do this?
--y/[N]> y
#. Start :command:`named` and :command:`dmsdmd`::
root@dms3-master:~# service dmsdmd start
[ ok ] Starting dmsdmd: dmsdmd.
root@dms3-master:~# service bind9 start
[ ok ] Starting domain name service...: bind9.
root@dms3-master:~#
.. _Failed-Master,-Replica-/etc-not-up-to-date:
Failed Master, Replica /etc not up to date
------------------------------------------
The master and DR replica have the :command:`etckeeper` git archive mirrored
every 4 hours to the alternate server. See :ref:`etckeeper and /etc on Replica
and Master Servers `
.. _Recovering-DB-from-Backup:
Recovering DB from Backup
-------------------------
:file:`/etc/cron.d/dms-core` does daily FULL :command:`pg_dumpall` to
:file:`/var/backups/postresql-9.1-dms.sql.gz`, on replica and master, which are
rotated for 7 days.
To recover::
# cd /var/backups
# gunzip -c postregresql-9.1-dms.sql.gz | psql -U pgsql
There will be lots of :abbr:`SQL` output. The dump also contains DB user passwords, and
:abbr:`ACL`/permissions information, along with DB details for the whole PostgresQL
'dms' cluster.
.. _Regenerating-DS-material:
Regenerating :file:`ds/` DS material directory from Private Keys
----------------------------------------------------------------
Use the :command:`dns-recreateds` command to recreate a domains :abbr:`DNSSEC`
:abbr:`DS` material. The :file:`/var/lib/bind/keys` directory is rsynced to the
:abbr:`DR` replica by the master server :command:`dmsdmd` daemon. Use a '*'
argument to regenerate all :abbr:`DS` material.
::
shalom-ext: -root- [/var/lib/bind/keys]
# dns-recreateds anathoth.net
+ dnssec-dsfromkey -2 /var/lib/bind/keys/Kanathoth.net.+007+57318.key
+ set +x
shalom-ext: -root- [/var/lib/bind/keys]
#
.. _IPSEC-not-going:
IPSEC not going
---------------
These examples are between DNS slave server dns-slave1 and master shalom-ext,
using :command:`racoon`, via :command:`racoon-tool` in Debian Wheezy.
.. note::
The ICMPv6 setup is specific to this Debian Wheezy :command:`racoon` setup.
However, the test techniques are also applicable to usewith Strongswan and
other IPSEC software.
.. _IPSEC-not-going-Diagnosis:
Diagnosis
^^^^^^^^^
:command:`Ping6` server from master and vice-versa to check unencrypted network
level. (Transport mode encryption does not encrypt ICMPv6). Use the
:command:`zone_tool ls_server -v` command to get the DMS configured IPv6
addresses of both servers.
::
shalom-ext: -grantma- [~/dms]
$ zone_tool ls_server -v dns-slave1
dns-slave1 Mon Nov 12 13:57:20 2012 OK
2001:470:66:23::2 111.65.238.11
shalom-ext: -grantma- [~/dms]
$ zone_tool ls_server -v shalom-ext
shalom-ext Mon Nov 12 13:59:29 2012 OK
2001:470:f012:2::2 172.31.10.2
shalom-ext: -grantma- [~/dms]
$ ping6 2001:470:66:23::2
PING 2001:470:66:23::2(2001:470:66:23::2) 56 data bytes
64 bytes from 2001:470:66:23::2: icmp_seq=1 ttl=58 time=312 ms
64 bytes from 2001:470:66:23::2: icmp_seq=2 ttl=58 time=310 ms
64 bytes from 2001:470:66:23::2: icmp_seq=3 ttl=58 time=310 ms
^C
--- 2001:470:66:23::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 310.646/311.293/312.518/0.866 ms
shalom-ext: -grantma- [~/dms]
$
Telnet domain TCP ports both ways, and rsync out to slave server
from master. This checks that IPSEC encryption is running.
From shalom-ext::
shalom-ext: -grantma- [~/dms]
$ telnet 2001:470:66:23::2 53
Trying 2001:470:66:23::2...
Connected to 2001:470:66:23::2.
Escape character is '^]'.
^]c
telnet> c
Connection closed.
shalom-ext: -grantma- [~/dms]
$ telnet 2001:470:66:23::2 rsync
Trying 2001:470:66:23::2...
Connected to 2001:470:66:23::2.
Escape character is '^]'.
@RSYNCD: 30.0
^]c
telnet> c
Connection closed.
shalom-ext: -grantma- [~/dms]
$
From dns-slave1::
grantma@dns-slave1:~$ telnet 2001:470:f012:2::2 53
Trying 2001:470:f012:2::2...
Connected to 2001:470:f012:2::2.
Escape character is '^]'.
^]c
telnet> c
Connection closed.
grantma@dns-slave1:~$
If the DNS server is a DR replica, telnet the rsync port the other way also.
.. _IPSEC-not-going-Recovery:
Recovery
^^^^^^^^
For :command:`racoon` and :command:`strongswan`, if things are not working
restart the IPSEC connection at both ends:
.. note::
For Strongswan, use the :command:`ipsec up/down `.
:command:`ipsec status []` can be used to list all
connections, and query about status.
:command:`racoon` shalom-ext master::
shalom-ext: -root- [/home/grantma/dms]
# racoon-tool vlist
shalom-dr
dns-slave1
%anonymous
shalom-ext
shalom
dns-slave0
en-gedi-auth
shalom-ext: -root- [/home/grantma/dms]
# racoon-tool vreload dns-slave1
Reloading VPN dns-slave1...The result of line 2: No entry.
The result of line 5: No entry.
done.
shalom-ext: -root- [/home/grantma/dms]
#
:command:`racoon` dns-slave1::
root@dns-slave1:/home/grantma# racoon-tool vlist
shalom-dr
%anonymous
shalom-ext
root@dns-slave1:/home/grantma# racoon-tool vreload shalom-ext
Reloading VPN shalom-ext...The result of line 2: No entry.
The result of line 5: No entry.
done.
root@dns-slave1:/home/grantma#
.. note::
Wait 10 minutes for IPSEC replay timing to expire. Then retry the telnet steps above.
If IPSEC still will not work:
For :command:`racoon`, Use :command:`racoon-tool restart` on both ends. For
strongswan, use :command:`ipsec restart` on both ends.
shalom-ext::
shalom-ext: -root- [/home/grantma/dms]
# racoon-tool restart
Stopping IKE (ISAKMP/Oakley) server: racoon.
Flushing SAD and SPD...
SAD and SPD flushed.
Unloading IPSEC/crypto modules...
IPSEC/crypto modules unloaded.
Loading IPSEC/crypto modules...
IPSEC/crypto modules loaded.
Flushing SAD and SPD...
SAD and SPD flushed.
Loading SAD and SPD...
SAD and SPD loaded.
Configuring racoon...done.
Starting IKE (ISAKMP/Oakley) server: racoon.
shalom-ext: -root- [/home/grantma/dms]
#
dns-slave1::
root@dns-slave1:/home/grantma# racoon-tool restart
Stopping IKE (ISAKMP/Oakley) server: racoon.
Flushing SAD and SPD...
SAD and SPD flushed.
Unloading IPSEC/crypto modules...
IPSEC/crypto modules unloaded.
Loading IPSEC/crypto modules...
IPSEC/crypto modules loaded.
Flushing SAD and SPD...
SAD and SPD flushed.
Loading SAD and SPD...
SAD and SPD loaded.
Configuring racoon...done.
Starting IKE (ISAKMP/Oakley) server: racoon.
root@dns-slave1:/home/grantma#
.. note::
Wait 10 minutes for IPSEC replay timing to expire. Then retry the telnet steps above.
.. _DMS-Master-Server-Install:
DMS Master Server Install
=========================
Base Operating System: Debian Wheezy or later.
Create :file:`/etc/apt/apt.conf.d/00local.conf`::
// No point in installing a lot of fat on VM servers
APT::Install-Recommends "0";
APT::Install-Suggests "0";
Create :file:`/etc/apt/sources.list.d/00local.conf`::
deb http://deb-repo.devel.net.nz/debian/ wheezy main
deb-src http://deb-repo.devel.net.nz/debian/ wheezy main
Install these packages::
# apt-get install cron-apt screen tree procps psmisc sysstat sudo lsof open-vm-tools open-vm-dkms dms
If using ``netscript-2.4`` instead of ``ifupdown`` to properly install it because of cyclic boot
dependencies (I will look into this when have some spare time, and log an RC
Debian bug)::
# dpkg --force --purge ifupdown
# apt-get -f install
Further, for ``netscript-2.4``, edit :file:`/etc/netscript/network.conf` to configure
static addressing. Look for ``IF_AUTO``, set ``eth0_IPADDR``, and further down
comment out ``eth_start`` and ``eth_stop`` functions to turn
off :abbr:`DHCP`.
.. note::
For most setups, ``netscript-ipfilter`` is a suitable package for managing
Linux filtering rules without replacing ``ifupdown``.
``Netscript-2.4`` and ``netscript-ipfilter`` manage :command:`iptables` and
:command:`ip6tables` via :command:`iptables-save`/:command:`iptables-restore`,
and keeps a cyclic history which you can change back to if your filter changes
go wrong via :command:`netscript ipfilter/ip6filter save/usebackup`.
Then::
# aptitude update
# aptitude upgrade
.. _shell.tar.gz:
shell.tar.gz
------------
.. note::
This is just a personal Debian prompt thing of mine. You might say I get
too personal...
To fix shell prompt for larger terminals on master server makes typing in long
zone_tool commands at shell a lot clearer::
# tar -C / -xzf shell.tar.gz
Replaces :file:`/etc/skel` shell and :file:`/root` dot files with single line feed to force use of file in :file:`/etc`
Then edit :file:`/etc/environment.sh` to turn off various things like ``umask 00002`` for user id less than 1000.
.. _Completing-DNS-Setup:
Completing DMS Setup
--------------------
Then follow :ref:`Debian Install ` documentation.
����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/doc/Attic/������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13227265140�0014255�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������dms-1.0.8.1/doc/Attic/DMS supported RR Types.txt����������������������������������������������������0000664�0000000�0000000�00000015717�13227265140�0021053�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Supported Resource Records
Resource Records supported in DMS backend. More can easily be added.
Reference information from http://en.wikipedia.org/wiki/List_of_DNS_record_types
CLASSES
builtins.object
ResourceRecord
RR_A
RR_AAAA
RR_CERT Certificate record Stores PKIX, SPKI, PGP, etc.
RR_CNAME
RR_DS Delegation signer The record used to identify the
DNSSEC signing key of a delegated zone
RR_HINFO
RR_IPSECKEY IPSEC Key Key record that can be used with IPSEC
RR_KX Key eXchanger record Used with some cryptographic systems
(not including DNSSEC) to identify a
key management agent for the
associated domain-name. Note that
this has nothing to do with DNS
Security. It is Informational status,
rather than being on the IETF
standards-track. It has always had
limited deployment, but is still in
use.
RR_LOC Location record Specifies a geographical location
associated with a domain name
RR_MX
RR_NAPTR Naming Authority Pointer Allows regular expression based
rewriting of domain names which can
then be used as URIs, further domain
names to lookups, etc.
RR_NS
RR_NSAP Access Point address
RR_PTR
RR_RP
RR_SOA
RR_SPF Sender Policy Framework Specified as part of the SPF protocol
in preference to the earlier
provisional practice of storing SPF
data in TXT records. Uses the same
format as the earlier TXT record.
RR_SRV Service locator Generalized service location record,
used for newer protocols instead of
creating protocol-specific records
such as MX.
RR_SSHFP SSH Public Key Fingerprint Resource record for publishing SSH
public host key fingerprints in the
DNS System, in order to aid in
verifying the authenticity of the
host.
RR_TXT
From RFC 2782
Here is the format of the SRV RR, whose DNS type code is 33:
_Service._Proto.Name TTL Class SRV Priority Weight Port Target
(There is an example near the end of this document.)
Service
The symbolic name of the desired service, as defined in Assigned
Numbers [STD 2] or locally. An underscore (_) is prepended to
the service identifier to avoid collisions with DNS labels that
occur in nature.
Some widely used services, notably POP, don't have a single
universal name. If Assigned Numbers names the service
indicated, that name is the only name which is legal for SRV
lookups. The Service is case insensitive.
Proto
The symbolic name of the desired protocol, with an underscore
(_) prepended to prevent collisions with DNS labels that occur
in nature. _TCP and _UDP are at present the most useful values
for this field, though any name defined by Assigned Numbers or
locally may be used (as for Service). The Proto is case
insensitive.
Name
The domain this RR refers to. The SRV RR is unique in that the
name one searches for is not this name; the example near the end
shows this clearly.
TTL
Standard DNS meaning [RFC 1035].
Class
Standard DNS meaning [RFC 1035]. SRV records occur in the IN
Class.
Priority
The priority of this target host. A client MUST attempt to
contact the target host with the lowest-numbered priority it can
reach; target hosts with the same priority SHOULD be tried in an
order defined by the weight field. The range is 0-65535. This
is a 16 bit unsigned integer in network byte order.
Weight
A server selection mechanism. The weight field specifies a
relative weight for entries with the same priority. Larger
weights SHOULD be given a proportionately higher probability of
being selected. The range of this number is 0-65535. This is a
16 bit unsigned integer in network byte order. Domain
administrators SHOULD use Weight 0 when there isn't any server
selection to do, to make the RR easier to read for humans (less
noisy). In the presence of records containing weights greater
than 0, records with weight 0 should have a very small chance of
being selected.
From RFC 4034
5.4. DS RR Example
The following example shows a DNSKEY RR and its corresponding DS RR.
dskey.example.com. 86400 IN DNSKEY 256 3 5 ( AQOeiiR0GOMYkDshWoSKz9Xz
fwJr1AYtsmx3TGkJaNXVbfi/
2pHm822aJ5iI9BMzNXxeYCmZ
DRD99WYwYqUSdjMmmAphXdvx
egXd/M5+X7OrzKBaMbCVdFLU
Uh6DhweJBjEVv5f2wwjM9Xzc
nOf+EPbtG9DMBmADjFDc2w/r
ljwvFw==
) ; key id = 60485
dskey.example.com. 86400 IN DS 60485 5 1 ( 2BB183AF5F22588179A53B0A
98631FAD1A292118 )
The first four text fields specify the name, TTL, Class, and RR type
(DS). Value 60485 is the key tag for the corresponding
"dskey.example.com." DNSKEY RR, and value 5 denotes the algorithm
used by this "dskey.example.com." DNSKEY RR. The value 1 is the
algorithm used to construct the digest, and the rest of the RDATA
text is the digest in hexadecimal.
�������������������������������������������������dms-1.0.8.1/doc/Attic/DMS-090713-1002-38.pdf��������������������������������������������������������0000664�0000000�0000000�00005033530�13227265140�0016755�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������%PDF-1.4
%âãÏÓ
42 0 obj<>/A<>/Subtype/Link/Rect[71.96 734.17 555.11 743.44]>>
endobj
43 0 obj<>/A<>/Subtype/Link/Rect[91.43 723.79 555.11 733.05]>>
endobj
44 0 obj<>/A<>/Subtype/Link/Rect[113.14 713.4 555.11 722.66]>>
endobj
45 0 obj<>/A<>/Subtype/Link/Rect[113.14 703.01 555.11 712.28]>>
endobj
46 0 obj<>/A<>/Subtype/Link/Rect[113.14 692.63 559.54 701.89]>>
endobj
47 0 obj<>/A<>/Subtype/Link/Rect[91.43 682.24 559.54 691.5]>>
endobj
48 0 obj<>/A<>/Subtype/Link/Rect[91.43 671.85 559.54 681.11]>>
endobj
49 0 obj<>/A<>/Subtype/Link/Rect[113.14 661.46 559.54 670.73]>>
endobj
50 0 obj<>/A<>/Subtype/Link/Rect[113.14 651.08 559.54 660.34]>>
endobj
51 0 obj<>/A<>/Subtype/Link/Rect[113.14 640.69 559.54 649.95]>>
endobj
52 0 obj<>/A<>/Subtype/Link/Rect[113.14 630.3 559.54 639.56]>>
endobj
53 0 obj<>/A<>/Subtype/Link/Rect[113.14 619.91 559.54 629.17]>>
endobj
54 0 obj<>/A<>/Subtype/Link/Rect[113.14 609.53 559.54 618.79]>>
endobj
55 0 obj<>/A<>/Subtype/Link/Rect[113.14 599.14 559.54 608.4]>>
endobj
56 0 obj<>/A<>/Subtype/Link/Rect[91.43 588.75 559.54 598.01]>>
endobj
57 0 obj<>/A<>/Subtype/Link/Rect[113.14 578.36 559.54 587.63]>>
endobj
58 0 obj<>/A<>/Subtype/Link/Rect[134.85 567.97 559.54 577.24]>>
endobj
59 0 obj<>/A<>/Subtype/Link/Rect[91.43 557.59 564 566.85]>>
endobj
60 0 obj<>/A<>/Subtype/Link/Rect[113.14 547.2 564 556.46]>>
endobj
61 0 obj<>/A<>/Subtype/Link/Rect[113.14 536.81 564 546.08]>>
endobj
62 0 obj<>/A<>/Subtype/Link/Rect[113.14 526.42 564 535.69]>>
endobj
63 0 obj<>/A<>/Subtype/Link/Rect[113.14 516.04 564 525.3]>>
endobj
64 0 obj<>/A<>/Subtype/Link/Rect[113.14 505.65 564 514.91]>>
endobj
65 0 obj<>/A<>/Subtype/Link/Rect[113.14 495.26 564 504.52]>>
endobj
66 0 obj<>/A<>/Subtype/Link/Rect[113.14 484.88 564 494.14]>>
endobj
67 0 obj<>/A<>/Subtype/Link/Rect[113.14 474.49 564 483.75]>>
endobj
68 0 obj<>/A<>/Subtype/Link/Rect[113.14 464.1 564 473.36]>>
endobj
69 0 obj<>/A<>/Subtype/Link/Rect[117.56 453.71 564 462.98]>>
endobj
70 0 obj<>/A<>/Subtype/Link/Rect[117.56 443.32 564 452.59]>>
endobj
71 0 obj<>/A<>/Subtype/Link/Rect[117.56 432.94 564 442.2]>>
endobj
72 0 obj<>/A<>/Subtype/Link/Rect[117.56 422.55 564 431.81]>>
endobj
73 0 obj<>/A<>/Subtype/Link/Rect[117.56 412.16 564 421.43]>>
endobj
74 0 obj<>/A<>/Subtype/Link/Rect[117.56 401.77 564 411.04]>>
endobj
75 0 obj<>/A<>/Subtype/Link/Rect[117.56 391.39 564 400.65]>>
endobj
76 0 obj<>/A<>/Subtype/Link/Rect[117.56 381 564 390.26]>>
endobj
77 0 obj<>/A<>/Subtype/Link/Rect[117.56 370.61 564 379.88]>>
endobj
78 0 obj<>/A<>/Subtype/Link/Rect[117.56 360.22 564 369.49]>>
endobj
79 0 obj<>/A<>/Subtype/Link/Rect[117.56 349.84 564 359.1]>>
endobj
80 0 obj<>/A<>/Subtype/Link/Rect[117.56 339.45 564 348.71]>>
endobj
81 0 obj<>/A<>/Subtype/Link/Rect[91.43 329.06 564 338.33]>>
endobj
82 0 obj<>/A<>/Subtype/Link/Rect[113.14 318.67 564 327.94]>>
endobj
83 0 obj<>/A<>/Subtype/Link/Rect[113.14 308.29 564 317.55]>>
endobj
84 0 obj<>/A<>/Subtype/Link/Rect[113.14 297.9 564 307.16]>>
endobj
85 0 obj<>/A<>/Subtype/Link/Rect[113.14 287.51 564 296.77]>>
endobj
86 0 obj<>/A<>/Subtype/Link/Rect[113.14 277.13 564 286.39]>>
endobj
87 0 obj<>/A<>/Subtype/Link/Rect[134.85 266.74 564 276]>>
endobj
88 0 obj<>/A<>/Subtype/Link/Rect[134.85 256.35 564 265.61]>>
endobj
89 0 obj<>/A<>/Subtype/Link/Rect[134.85 245.96 564 255.22]>>
endobj
90 0 obj<>/A<>/Subtype/Link/Rect[134.85 235.58 564 244.84]>>
endobj
91 0 obj<>/A<>/Subtype/Link/Rect[134.85 225.19 564 234.45]>>
endobj
92 0 obj <>stream
xœÕkoÛF�†¿ëW̧E‹mYÞ/�“ØiSl�Çr� ›Å‚–DZ�IT(*iö×ï�ÉÑ9
º{Þ±]ÐA�ÄŽß—g†óxî3ú0{z9�UQÅêòzvz9{=û0�ƒ0)2õi�«ŸÍ�ŸE¡z9ûç¿Bu=KKU¤©Zϲ<í¿Zõ_¥e�Ú¯ÍÙ—ÃÏogof›Y¤ìŸöÝ,-‚*ÿÓ‡|�¥‰
¼�5_~ï�wc�eÿ˜‡™Ôÿð«‚ãÐS³ñ�ÜPn�y�‰mEpnHqCz¡¦�¹!½]3ø
ÂÊÃ0rCúçþ°7cL6$Po¿ù©ùÔ5;uÓ´êV¯¶êZïÞ÷h]Õ»åBÕG#‹·ß
‰L£¾úd‰|�„°2‘;ayž�Ð(olì�r¬;È¥†hlêÐÇ»–�M½kè�zq<0´6¨Þ5s�ý3Óùêúñ€akÑl?Û¯k6â¸t��°ÀS×K÷ ‘J��1‹mç�'‘ô�Š¤�Y„�8�É€�˜Aœ21J�½Ã‘�'z¥�<þ²¹vß"HÆ_forþîÈ#C “Lã ó©�I�Iz�H8€��0�I� °Ü´ÿ>ú�H2œ^/��{�¥hå�olrâ�œMVV¹Ìf�Û׉³IzŒMÒƒlÂ��›dH16É ¶ÝU¤���'�N7õÕÊÕ–'ËÝø�TYÆG‘§¦ïÎ<²ò��ï8
©<¦Çx$=È#�ÀñH�¡ip<’Aâ1 ƒÔCïp$Ã…¾1£—[�ä…Þé�®<Ç•��j�ï€#¥>�ªÇ(
�Ÿ)<Òc8’�Ä��àp$ƒ]‡#�ľd�Ä>�Ç#�.oµ]ØPÿ1ðý»kš•šëÝÎ.Åén!ÿ2|‘Ü© ¼�”þ´”y�à *¯‚�š)Œ¢¡
#ƒÄJ4Ôad��§C%†Gˆ‡J ÏCœõ8zD({¾ð�f¨wô’$€‹ÜÖ��†¤_~g�Ûy��ü¤=ûŽJ�njæ�ŒJ†Y(o’ÈB��4›8RIzŒJÒƒTÂ��•x„‘J2H-xåipT’Aw‹÷ZouÛƒùƒùV5�Ó×Ü®–‹ºÿ¿£ÔÒâtÕ?˜'è‘RÈ°
åõ•Ôn2Æ!$9Ä É1�áÇ�’�[ê#½¸÷º´Õ�®�ð#ýéG»öõ^ïµÝ¤¿Õ�yä�›—�óLM^ñÝ�FFW$lÕ·,š¶¡ð‘ô�¤�q„�8�É€õ1ƒT#f†ÈÈÃà$Ëõ¶iíæ‡ïÔÙþ}ÿoßfë]×6ð.ÛÜô�Ž^Í×Â"£+’ø2EYäAâ±fÃô�Œ¤�a„�8�É ´��F2ˆ�ìÒNKã��#�ÆÆ·�ðâÐ,Ïu·ß
±ãø(ðÔôÝ™G�X$Oø¤yf�óã<’�ã‘ô p�Ç#�„µvÇ#�ÄÊ1¶kz¸ÁñH†‘ÇÝp®nþò»q¿Ø0ÔÞ·ÀÌyœ�AvœŠ©Q„adtEòAÏ4Ë‚Ìcö‘é1�I�Â��p0²��=“(êw�2‡¸k±�’ÊÃ�Ùiã·tV¯õu`Ùë1ìg /õz»êOÆ�áSÓ<Š>5ƒž,²¢‰Š1Í‚ÈcÞ‘é1�I�²��p,²�ˆk4�‹äX,Ë ÷Ð;�Ép¦»Ý¢]n»ïÔ‹mW_ô®gòùre*Ìa?Т�6�ÏOŸIãè$��ôh9dÅ��Ón–Ã$
ŠLqHzC8€ãå@\’�8$‡ÄUÖo�ô0Œ ’á•i˜?.õ')Pf·—ò@SW{�ž¼´äéÆ4Nm£„ãIz�OÒƒxÂ��ž,�âúÌ€'9¤j²�ûÑ5lpx’áüswÛlT¿%ÍÖv[Ú�v[Zc;”?]^žK×Ù�™Ý]ÎÓðè�äE�Lðø�¼J}N]91ˆž×y«CªÅ¥—�:ðäT™÷�"zÎjÀmT_Ô‹Æ°f1�ÚÜñršôñ�¬º�{®X�`2'L‚Ügf‘ô�~¤� „�8�Y�ÄÅ–Crˆmsi�§=�#d¸Ð7ºÕ›…4{h�¿ÆÙQ¨©iû�Ède•ÈËÓ‰é�Ç�3L�ÁÉô�œx€�Nž�q!¦‡“9Ä=â‘Ý˃�F8™a®�ûvÙ}V—õ;{Æe§�ùJ<Ñ2,ÇðÈSów_2yA%ò&)ã ôh²™�#“ô ™p�G&˸"3I�qº_iÅ
ŽL2ŒKφÉvœ�ÿ›ÚÙû�ß~Û7îã-_?¶Í~kUó�Ej�óûReG©z”$²‚AH,b»�‹“HzŒDÒƒ$Â��‰,�ârÌ@"9Ä:2³7>á�G"�æ]Ýiõ²^Ü.i³£´�hï�‡º�¼'”¬ŒR¹W™ä±Ë¡$=�%éA(á��J–�qMf€’�âšLfï’À
�J2üZ/öû~f±¿ƒG_ÇTmÕøje¾{-Vó4|%$²‚Iê1‹‚Ücî‘é1�I�’��p$’!ÆÖc˜Cº�/�íb�np$’áM[o·ýŽ‰�›E«íQ�w¥Ä|¼P¢_£ÙévY¯Ôf¿¾�·”%±yUÙQ²��€Œ¨Tž]´×ùÅ�³‹L�Hz�@8€��1¶�Ã�ân²<ˆ}ô#dø®‹¸Õ«•:k:q¨Ý_áɃN]õ=�•�3‰ÊÂd> ��ÊáÜ�É¡c$�Ƽé?’‹Ÿ�Q�E‚ë‡3$¿Ô‹Û�K`”�Ë%,ØÔ$üEä�
À-8¶ÅÈ<æ�™�«ÎH/Í—ŒÕ��ÀUgp�ÆÍ6Ì ^`—Û}î�†a³
3<Ù|^Ô»N]èëý�‚¹øÒ<9q�L&+)�MS\‘ÇÝŠL¡Iz�M8€C“�ØÁ?f@îX÷Ð;2Éðt¿\]�#Ž«e½Qçõâ}ýN¾z¶¿S‚�ž�¾{!É��Œ-9�Ó„L�!Éô�’x€�IfÀNþ1ƒ¸²�Û+�pÃÈ$3üé•ÿê¦mÖjÞìÛ…¶Ûg›Ý²kÚÏÐ�3OÌcg‘ÕÊ;�cÓÙJ<&
™�c‘ô ‹p�Ç"�°³~Ì Þ��Ù3æ¸Á±H†3ÝÅiƒÝXA:�=n˜è¯-;JÅ×P)r²
�Ä¢´ŸÞ†ƒHz�DÒƒ Â��ˆdÀŽ÷1ƒ�¢�Ç�ç��‘�¯Ú廥ýزþC.:½èöö¢°ß&Ë“0-…Þ<2À*ñâ/SþyiF�ýp˜�°»Ÿ˜A\�î‡Ä��†»Ÿ˜ABr¸ûÉ'B÷“Ç[êï~bzqWxÿñ¸a¼û‰�žñ³�êhÉFŠmꌣ÷=9äÞ¸SÚãPš!¶¸g¦<¡É�‡;�@ÜÉ�âŽG�q'�ˆ»G„�w2Hc±�wÒ�ýÞÊÇàp'Ãs]wýgÏôÛÍ÷›ÅøA•�úÃ~9LÂKã²±¿Ë�ñè9g%�ŠŸrf J‹�ºÛÂa~Ѓ”�ô äðóGÆ�z�qüù�á�½4²��?ÈE¾£¾:Gõ�ïƒÞ�í·êy«õÓùÉøÑ—öC0‡ch�Ü”‚GÏö!©±tmKvRØMÙ�l“�„›� Ýx„�o2€|{D��'ƒÔ���'½ØcI½ô�q28ÆÙªóf×Ù�ž{ý�U�áß±þ
�=�ÛwdÒ�K·Áô°ÇE�‚·ì�°“�„� ìx„�v2€°{D�`Ç#�°“^œ:.ìGkã�G;�Þè+õË®Ÿ¢ët{S‹»¡Çic�sj¸ï…<åüÍÑòzöÁüý/Ò!�
endstream
endobj
1 0 obj<>>>/MediaBox[0 0 612 792]/Annots[42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 48 0 R 49 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R 68 0 R 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 83 0 R 84 0 R 85 0 R 86 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R]>>
endobj
96 0 obj <>stream
xœíWÛnÛF�}çW�Ú—¶¨Ö\ryK‘‡&N�HêDjóÐ��M®$&¼(Ü•�çkò©½&iYV]ù¥(�Á;âÌá™Ù3³«Oγ…ãB”x°È��çóÉq‰ëG�\9�üŠ�?8Ô…WΟ¹;,†ˆ1¨œ dzUê�‹‰«Öøx°4Ï×Î;§v(¨¿vå°ˆ$!PÆ\‹¢—�fF™�F‰ŠÖ^SÛº®¥�ú�zŒÄ¾BaIg”Ú�„§ÂÐk¸î�‚K�¸$ÄO¬xí�D€@Ûn¬qH40�ê‡Qðä¹1�Ñ”eÈH‡ZxëPíó�¥fƒ“!ë1Ñ1ò®ð�Õû�nQ›�b´Ï�ÕX4è°]ímì²³ƒÀÊŸOÌÞ[í—’f/¿Ð†ú»Qå„
–‘%�ñ™Ý]k˜¢0/&15Å�;§Ýr¹�P�%”�I_¥ÞìäÒ�Ož[ÓKH�N�
åb�ª}þ£Ôz¹�X‰Ž‘w…¨Þ�p‹Ú¤�;äÂb¯ÃÖò°v/�æÇ�̺OÌÎû�rñ}ÐÈî®5LQh�õÅ�®{§Ýr¹�P�Í÷)a^_¥ÞìäÒ�Ož�“F1ñé„ÑP.Ö¡Úç?J—Ë€õ˜è�yWøˆêý�·¨M
±C.¾çuØZ�ÖîåBãÈ€�÷‰Ù{�C.”�$î†5LQ’€ø¾©õ`Ù»ì�Ë]p¦dh»7â7;±ôÁ“çÆLÂî`êù�¥b�Ww;�sêe2à;¦8BÝ�<¢xoø”Ô$ý��¡~Ø!�I�ûF"®=b¬ûÄì¼�*‘G8a�N㨓ûá4Ž:��N㈚{� �Ô�ê�oà'¿x8œ`±Dõªo)(4/$a�‹ÊùîôÕ�N›l[ñZ¦²hêï��Ôm½�Ent�í2B™Žþ9¯Šº�²Õ¡ðÛ†›UZÂYÛd<߶\L�}’$�Ä0öÕ�Ü æE½‚�N_Ïa^¦—�d�Èrˆ‚mèÞæ��(*ªQž¥‚瀌NùE‘ÖðnÍù—ë� ü@Ýa�Ä¢MË/±,PÔB¦eirl–Ðò¬©°`9¾c“f�Ó��æ9È5‡eS–Í•Ê�yŸp™¤�©>$kê%ÉO\·l²´Ôæ�Ké�zYgéßÎ�%¯bQt±©ÕÉ ¼Æ\›BgÚ%k6¡l¤Jx™JUÌ?^àí%oG[z÷;pWc³©g‹'O^�àÙÛ®z�¾q¿ùé0¨�'jr�k¾]aíå�éßwÌnm�^D\Osøz¿’�׳É[®J�‚÷z�ïüQÇçþR²�ߤñ- ,�¹Íy·ëpQÔy�mš5¸ß¸®3ÈÚ¦ž¡£y6[7BÂû÷�m��¨š¯ê]�"k9¯a#ªBdØ[M¶� ñ;�×�ß.¡�¨µfÃëÙe5“MSŠGÞRæâ¥2Ðüæ¼ä™T™c_ê—CÅåºÉuÃëoAul±Ú¶»æä�t?Jˆ)ôüZd²„—gó�ϱ…¤Äî�÷kÈ����ÓiTsyÕ´�U�/J^ ¸*ä�Úm]«žm¶ºc/¶Ë%öé¸{<•ÜL¦¢äf" Í�g‘ïÎòJ̲¦å3ÄÕ3ÉàaÀ��™GBs�ÜŒ=ÄÈs¢ð£žÌûUç«ó)´
_lk��y[ó�Gs�k®Ž�³�êˆQ¥$�‰ÙÃ.£…ý}£KZ¥ŸU¾5JG
¶ê‡Áá?{ŠšÊ·œˆ���ÞÓ˜&Þa0a@¨?†ÁEÎ/Ï�ëü�ÇMÙ¬þ�^€?ʨÍò-�à�‡Åó3�:ÔeQqTØaH~BhO¬Ø\2"³Í9�[˜§Ô=�ÉÓWeÃée$“T�_¸’úçe[L±����‡W�7�2�‰� ÏWÙ¹\ãeý”†~Ì�Csñûpœ§Bcw =Ö,£AHŒ�ÒZßDp~ó²Is0Ý.à«jìQS�ñžº¿H”F$î��u‡(PVö�ÀÑßÊ£�g÷(��’˜^{«¶Ç»výÿ�ê?ñ�Jżqþ�~�‚Ô
endstream
endobj
3 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
97 0 obj <>stream
xœÕWÛRã8�}÷W¨jk«˜Aèæ[� —]��¹ÌÀÖ²5el%18v°��|
Ÿº-Û v�‰‹��–�Ø�u��µN·Ä½±?0�²]†�q80ºÆ½A0ᶉ�
†N`ðÖ ��ÿüKP`��ÙB ‰aZ"‹ò7á`¢ßa¸òZŒK#6(ÒŸtd��»�b”[%JþZÀìRA]‡ëèÜkÕ.]ÇÆа8²�ÇÂÕ(ð·4¢Ü�&Ŷö�¯êûÒI#�,�Á�ü:š×�@�3�l†m‘ã`»b�Ô�µà•ñÂ�&Ã&]a”‡–ð¥Ãd“mie°[e]'ZG~+¼Fu;À�µ•DÔöÙ¦9�å�l’{�v´°…E�°Â}Å\zëýÒÒ\ʯ"´ªþ^U¹Â�ÒÈ]�;´ÜÝÒ(’©‹™]$»ö¾pz[.ï�æIÓ6±–YZš�¹,ƒWÆK“A�²�FU¹”�“Mþµ¥-åRa]'ZG~+¼Fu;À�µ•D¼!�îX�ì\�¥½”�gn�Vº¯˜�ïÊå�êáã4~iž?Bƒ ý½3bï�ö & h0„MÓ��Y���š²…]��c‡b„¾�nõA²%†p¬Ï�ˆaÛc4q��f�p�„
íIå丹Ÿ$qùØUI�a?‰‡%Ú'lfN¯�´�ílAÊ…s��±ôU˜Ä×;¿�rèÍ"uý¥U]çû0�ÃÂÊaPù“¥þÏpÚ‚´�Ú�6iù-J‰lµX3DËŬ!zÁ$ŒfÊS³¬…‚0ón"�4C�pÞ�{7•2½ÞY²��ÊZ�X5^*µq¡œßÐÁY�y™’)¢Í‚‰ÀÜ]Kw6ö¢d²+ç�nº�s§–ž Sõ„/—Ö���ÜÚp�7Ï· ’äod©!�îbÎ7í�oœ'8ù{ù�ÒÆ0„`æ6K7o„(�[ŸRMÓý)½Pãp‚‹*ë$J"5ö�úë¢ØF¯ùÊJôüq¾““b'3™>Àcì=H=|#uÀ0�ÍR� $.üû��ãíR�k‘ŒµN9Íî°š+=I&�ºèŸÂÓO¥Ê0z9–±L= þ�ªq‡þÒ“hóVrËÆN©õéãHÆh×ËbD™Ó°+pS`»P×ÁÍ�Í;ßGñ%yœ;ÞÜ $ë{Ü ŸŸ=÷OõܹlßÎïÚWGWÇ—óäNÞŸ�öÑ••õz�áÑ©êt�ûûg�‹fS�¸[�™Ÿ´ðÔê¶OžùÍÉsw@¬s—tï{Vïø控ßNÍùÅ°�Ø�çûßN£¸«üø“åÉ\HmÑ”®wþNfÈ÷bäMÕî�¤�ÆP+Q„Bèš …3ïN¾lÑ�c¦&S-„�ÆAø��3/ZS?HU§fëSS˜“ÑêÔýï½ÃíµÁ�¢Dõâ¡ÐF¥è�àž…ÑÓWäÅ�ògjoªk�%º0¡F¡›ÀzÒ$Q@5Ë`-_Q– �ª5�¡(É2��¡äa9^*õ�ªA2�þ£(ZêË–%koÎ�•ÝËžb�¾k¥r;{m�åd/Õ0Å’‹�‰òo‚fȯw¸v*uã(ZMŽ_ÄZŸw�û�_«uL×ø�eRñ
endstream
endobj
98 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
100 0 obj <>stream
xœÍWËnã6�Ýë+�tÓ��×DÑÀlÚi��²�ÄÀ,�³P%9öÔ’f$%Aþf>µ—"E‹´�¹��H‚ĺֽGç��ññ-úm��$�Cë"úc�}ˆ¾E��.cô�1ô�Üü�Q‚î¢OŸ *"‘")�ª¢8�ÃÕ~¸�)&ú�nO.Íýmô1ª#Šôoû� ‰U‚XÊ™E�.
Ì
�”¥RW�YalS·Ñ&R\?Fò�Ç�G({½�®cÁpª�“�„c¦Æ!X ‚�øK5»×`SÌb�c,-”T‡�°~
ªƒ��Æ‚ÃÓŽˆ
åö�&¥z½ÀëÒV« qŸ¬‡|ªØã:[ÄÌWÂ�oJ(fp›%#4Ñ�6Þq�³�̦�¡ËÖC¦=ê|8qÜÔˆ�{�t¬ŒDb.ì�ÛÀÈ"â�§Ìé�„.õ¬uÎ!�ý��:�8†�ó¸ú Å„"–8–Çì¦ö±9ÕL‰×¬3Є¾ÏØ�?Uî�ž�8fç+rÊDBÉ�|0‰D’�´1?ŒÇü+ÙH°�§Ô�¶
Œ4<‰õ�GՃХžµÑ9d£!Ääðæ¹pb#W�¤˜ƒ.C�»©lN5Sâ5ël4¡ï3öÁO•{„ç�ŽÙùŠœ´�U#¸±‰`õ3h6?Œ]þ•lĹÄLÚÁ¶‘†%@è z�ºÔ³6:‡l4Ô‹�;h8†��¹ú Å„,¡X¨cvS�Ùœj¦ÄkÖÙhBßg샟*÷�Ï��³ó�9e#Îä�nlcbg#&‰A³ùaìò¯d#Æ�–Ì�¶
Œ44e˜Q§z�ºÔ³6:‡l4ä�«Ã�î‰\}bBMG%Çì¦6²9ÕL‰×¬³Ñ„¾ÏØ�?Uî�ž�8fç+rÊFŒ±�ÜØÆÄÎFTQƒfóÃØåÿ_��¤�œ�nÿ�rp� h½�¦ú�E‰ÀD¡T)¬Ï Uô3Ã�ý²þ¢��Wß8.ØAL%¸Z7ÀÃ�®ºmY°�Á•ž�u�"ìáªkæ‚=p8ÌÁD{ˆÃ�®:a/Ø���S5ô„=\u¶X°�
�I2ô �|¡��â˜�%é
�"�Xl›®ïP¶ß7Ïè�b„Еdµ!”ØjÅn)K¿æúkK~æY‰Š±0Îëʼ-ái›Ý¾„‡Ý–}~Ûv/u^`{ëBÈDaA�ÈOEÝåM½ù|a%œž��d¾fýväò÷®.�¡�¹{¸��F‚+�õqW¼Óh��p‚yê�<ü7�˜dyâ�äMU•u�Ýﳧ�ueûT¶Èô…²¶Ì.„&�ó؃Î�A²G�ì�Ýê�X�Ë(÷õ��”oÛ¦ÑT_Ê���Ë�sî�AG�jêý�àÔ…YäM–Cáaaû��Ý—¯ØyånF�!•Þ¦hvv€VÀî¦.{&nŒÃ;m‹›¯Y×=7m±¼^“Uô}ƒúí�f�>ÁšÛr¿G}ƒr#dŸµ�eæ•DÅ®-ó¾i_VË-Äsê�Ø$š×ú�øüÐìÁS©gn
–o›ç�iœ•þ÷:ì‚C5Ù,|Ï€GUe�à ïNÿåö�sŠ�p�›Êÿ”µ·y–oK£ÖÀô2õ™JôÉã ¾ž‰¬ú?€šrÌ,hÕ�HÂ�¿�·àXN6M÷ðbõÈÌPËmžæ¤õ$1ÓÀOâ´ËKà ušßòŠL¶`ë²ëõ’Xƒ£wO»þ�mÚ¦BïïîÑ]Öõ°Â½¥�×�95½‘ƒÏ�9»¼‘㇮ù�ý�ŒUø¡
endstream
endobj
101 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
102 0 obj <>stream
xœÕW[oÛ6�~ׯ8h�vAMÝo
¶‡v+��Ú5Ã�†! %ÚV#‘.%ÛñŠý÷�’²#Énö)¶Å�Lšç|çÊOGogWŽ�i�ÀUéüxå¼rÞ:�ñÂ4†�ÀOxøÆñ=øÙùãO�J'Ê "hœ8‰ôªÖ«(#žZãñ`iÎWÎï�w|P�¹t¢”ä „qõ(zi`f~äŹ¯´µÔtß‹®œ…“‡ÊL�&$V8QÞ¯k½Ž“ŒdJÔˆM¶�I…ã‘�<’়û�lF‚�·1Ic�•æw[Äúv¢=‘0Û8ÉI�žz¦õ{�½LsÊ(Ð^?�ø>öwŒ}N{äïý�§Îó1ªºïù$Àã 9€{jÑïëÃ>N3ƒÖËO÷GyU:Õ«Ç~�tÞ°!ïÚtâ�¢Æˆ™g}™ûÉ‹ÒVk��,"gúæ�p&kÊÿPãè8�[ø¡òäÜl�#�Çþ�ûÅ�7ï��Ætl”¿c�G¨g”G.Þ«>uj�þ¨(©¯5óà€¬›¢ß�šÄ`�éñî(û©
âú /HŒî�ô�ÙЇ«�:©�|H"âå%Xü�®�çë”�|sõF±ç�¸AŸ�Ã�èSœø�¹�×&:ïeZ
¿¢X�§lÚYCÛŽIÿ1t¬æ¬�Îv³¶¦[�¥hhÅûâÝ�šä1Áðî�•íž�–˜Y@¢À�3OCKDL`äO�ƒÏ
=NÈ4òs˜��y�’0·À´Ü‹HhŠþ—àìº�¢þ�
ÉhÇ®
Ö�uÆià ZÏhYJÖ¶v�p�!a4µ ƒ¾¦eSñëBðEµ�.®%/�™ø|�
N]Bœ�/GnRø¬âe>�â�o)
?8´ðó�åK�.ë
wŽÚ®ÊHIT�D¬»Jð�:�ÝŠÁBÔµØU|ù´·ðàô¢]�O]Ƈ¿RMC5û)¯�ž½�Æú~EäèÜt�ôe%YÑ ¹‡Gî–J· ÅŠé�<º°Ã�#’�#Lׅ˅ʔĖjÂ�ìh]Ãœu;Æ8ìÅ�(/Aå¸erËd«ÛQÞÙY
ðQíOªúÐú�¿Ÿh¸†î±ÅY©��Õ)ÞÁ�üª:B³©»j]3;ÃØùùÔîZÈ®=XLJßkÆ`Õu맮»ÛíÈÍœ�LvDÈ¥»ÝÔ[•næy¾�Z™�‘�q&=Í0†(áòõKXK±JŒ�/!� ÀÌ_¾„þ2³�[VBÛÑyÍÀÎ&²f–Lm�Êe�Œ†ç�º×…S Ø´Le¹�ªmî¨,Qøn�¸Ç*Òj�OþÆ�Ñ4L��^>˜×¢¸y¢û¨âè–9?Ælg�Y73� Ùº¦…�¶Ó�qÐ=é{íA]ϼ¯ZPpl%jÌ�±ƒDÂ>©ó]�-/y€¤œž´¨þC�õ±»ØúJ§8[*Çú�(Û©…9IM9\÷»�ú³³¬Þ£ÎÑسË_~€Z,[`Rª»…ÍE—x¥è\lLËI!:¸a{¤7Õ>ìv�S>±³ë#ÿŸ�™æÂ
IêÀ^›u‰OmsãÑRkHÆ΂‡ï�Ú€¢¤¶ç¤ª-4�)¦Ÿ)D+,?KI’tYý4"Iúo”ÕOüÃ[É ½%G‚(f[ZW˜V|€�Ýt®³}�2’hŠˆú«�¿53$Ž;�ê÷Ç ¦�!�UÁ__<÷½0¶³��$�7£ž‡/�ãfª+œ#ù�C|‡]\Ðz%ÚîÂö�ç IÎÃͶ "R¾·ÆÊB�i©âE½)�N�Ç¡KÏŽ335ºýp£g0Ëi$õHl�íèÕäUíûÚªt^9ÿ�m[Õ�
endstream
endobj
103 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
104 0 obj <>stream
xœíWMsÛ6�½óWì$—¶cA�¿ÙžÚ8=´I3©5ÓC§ãHHbL� HY£üžóS»�(š¤e‰vâ[Gc� v���ow¡OÎ/�Ç…8õ`‘;¯�Î{ç“ã�×CØ9�ü†‹��êÂ[çï\È 8� rÂ(0£ÒŒ‚„¸zŒË½¡]ß89¡ ?jí�1I#�<ï€b†�fFý4ICím¬ÆóÖt㬜ȇ(� ¥�%H�“ÒL���mˆF½ag¢ý]|ê’�ÿ�Íê�\B¼�ç�ñ#ƒCâÞ�¡~�8Öí4 1¡áñlÑÛõê„y[kÚ§ê–+ìH"7ë’ÝjÖ‡—òüË¿°Ü6°cM¶���n
�¬%dºu�ª˜Î– Ô°´P{¬˜Rõ„Vå��IlöÿÉ놩�ÌT”ŒÝhJB›ç/Í6‹Œ[GÜž9ÿj/õus2
��”mxv�ó[¦tJÌë}_Ø�•i+\)©¦lÈÓ!�ÚÞ«�ÍÕBŠûçRÛ%4×”¥½!\³¼*Äu«™T75ÌôÑ,÷ó�Û–xJ�ÊÇÔÙîTÉ kÓ;ØéLö|üua£˜WõÌî¾ìmk§Š†_kºfW“ꃇ÷ˆ(<…jƒe#9ˆÙ$|lm$òFøÞײ¦ø�ÑS¨çX}e󎪒â)Åv¿¯�[bY»2�Î뙺x+³™öN´Wd,"—o¯Z5_�·ˆ�mÁ±5ÅH�ÕkŠ ^07õu[»߱�š*[±=4ì�oJáÌs�c²mº6òÿO›>
íóÞù�£—š÷
endstream
endobj
105 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
114 0 obj<>/A<>/Subtype/Link/Rect[78.04 162.34 200.55 173.92]>>
endobj
115 0 obj<>/A<>/Subtype/Link/Rect[78.04 149.33 174.34 160.91]>>
endobj
116 0 obj<>/A<>/Subtype/Link/Rect[78.04 136.31 383.74 147.9]>>
endobj
117 0 obj<>/A<>/Subtype/Link/Rect[78.04 123.3 202.2 134.89]>>
endobj
118 0 obj<>/A<>/Subtype/Link/Rect[78.04 110.29 291.3 121.87]>>
endobj
119 0 obj<>/A<>/Subtype/Link/Rect[78.04 97.27 153.19 108.86]>>
endobj
120 0 obj<>/A<>/Subtype/Link/Rect[78.04 84.26 247.88 95.85]>>
endobj
121 0 obj<>/A<>/Subtype/Link/Rect[78.04 71.25 260.74 82.84]>>
endobj
122 0 obj<>/A<>/Subtype/Link/Rect[78.04 58.24 204.45 69.82]>>
endobj
123 0 obj <>stream
xœÍ˜ënÜD�Ç¿û)FâKAÄ«/+T‰„F�H¡M$$.ŠÜ]w³×Nw½)ð4<*ç23k/Ië´E"Q”ùÛçœùÍíøØo’ã‹DŠ¼Ôâb‘<½Hž'o�™J“;ñ6Ñâ;¸ù:QRœ%¿þ.Å"±…È�ëÄe–Z
µl‘JlÃíA“ï_%?'m¢�þn–‰ÍÓ2�¶ÔÒG¡&‡9R¦Te‰Þdu¨½éUò*ÉŒÈM–:�bKßn¨Už:ì�l†í`ƒî2µB¦�ü��uo´"Õ�¤KsGAð”�è‹¡ëÁm–ZAŒò€†<}to°~—ýhXÞ¹� 1Çïò�‘¾?À¿È�¦a´À¹¢X:�±%Y³n‚Ö:ç`l~ £5®�îɸï�;l¸ñöÛ‘iþƒ�~�†�ø‹“"SS
••©F÷ ‹T��.:�"O�pÉæAÌ�øou¼�ËE//("�²„À0�ï�s©\ˆÈ��¹7–žƒ½FŒsšzÉe©Ö{lçR•�lgS£B',"¶¿ÇhÞË�Š�±�¬~�°�ŒÏƈ$"6ËÀA^#Æ�¶5©V{l«S•�l«Ò8ÙÔŽÐ|‡¹¼‹��.2[›ê<0[�Ü>�‰ÈÌ2@×�pÄl`)öȺ¤©à8šv§ïƒE„ö÷˜Ì{± €�ÚÀñÊ�´ÑÅ¥c�¡Y�(ò��Ž˜!µ¨r�2š�Ž£�Í�÷Á"Bû{Læ½¼ ˆ‘�Ï¥
Ô
F��b;2“
�ä2��1K‹»12K“*�˜¥¦Iâ.XDf¹¼—��12K�œ Ì2Ke\:�‘šeà ¯�ã�»T¸��u)iý(LQbBã�¸�ý�¢ò�ܦX·Ôx|Ø£4©,|,n�XV¾wò�r
Ió�óK Ís�?ÅÈ3ZLŠÎí@êï�÷àváS�«����Ô*a¥¸�HYùÞÉcÈ5$Í�ž–@šY�;Å€Ç�Î Eçv õwˆÇ{pÛùlÅ*Ãmç=`>ÅS’J%.^A™OT…ëˆÆ�@Kq±N�-ÖÛ£uµíëÍQ³º?�um}Ùw]óùÅk,mß�)+���#EGñDÔmõ²©/·õæ¶Þˆ¯¶Mu[�µÕº~2-j¡S›QÔtš�̵u�q€ç����p€µƒu>�h³½¼©ÛŪ]^Ö·uÛo§�ƒ‡U�윦èüì¤k_–'WU»¬Å~Q”¸ïçbW‹¯wKØ�Óº„dÎãUv¦Ê�ì@-•žæ��Õ”Spõ§Âu�Mñ¼�þ™ìݼ´%彸�æ…´c܇ò:�;÷þÝð`^Sbiü¼ðšaxûžÑ²ŸŸ}Û5‹‹ÕºîvýýŒ�ëL�qõ�q%Õéèü÷$�[äXaMO�6·XÞ<À!£÷µ�8X*Ì�ÓÏöª{{¹]ŠÛ?—›#¸>-–¡j c…ÕØ./1;ÏFKô° Zcµ0�:§=|¹Xm�q�×ýüq[÷Ú>æ§�[�õõú¦©úzZ�µ�j“Qgœ.«ÅbSo·¾ÃgSéMI�Ä]�›~�tzÀÂ`�:�¸©ošÕ¼‚å�LÇiÕl'F„²Ae£ˆ´�æÝ®í��M>-�Ô%ÊŽÂ=ƒ�°�´*~ív›ª_uØö°2³iqá¥G7�¥/uT]7wä�me6Sµ”3%¥šéÙì®gÈ´®á-`¼�ÃÏßO
¡6—å]ìó«ù}ìæ“°k()eöQðÎ`A|˜!¼ïG}…¡ŽñÅ7-ËaÇ�GÁk’ämt¼©«kqºúCœÏ¡þÛ¬ºp–Á�N+~;ÄO:Ô›‚ò�¿1hÈÍÎyÙì%�ʨƒñdc, MÝ9'ÞÒñ‚þÐ-EÕ.ÄÉhcŸ®š˜q¼‹S¸�Ö‰‚œn¢nö�¿F”�åm'©ãüprUϯ¡€�ßœÓIÛ��™�ß”Ö æ”<êf¯s�d„8”Þz��˜:Þƒ§ÕªA¤�±|¯¶‚�ó‚«�q�WŽw›�²Åo:¸¼{ùºž÷¢ïÄÓç'⤩Vëß>��B;Ü߸àðœ�²‰�Ö©Ø3�Jo>>>/MediaBox[0 0 612 792]/Annots[114 0 R 115 0 R 116 0 R 117 0 R 118 0 R 119 0 R 120 0 R 121 0 R 122 0 R]>>
endobj
125 0 obj<>/A<>/Subtype/Link/Rect[78.04 731.7 332.48 743.29]>>
endobj
126 0 obj<>/A<>/Subtype/Link/Rect[78.04 718.69 152.14 730.28]>>
endobj
127 0 obj<>/A<>/Subtype/Link/Rect[108.08 705.67 152.06 717.26]>>
endobj
128 0 obj<>/A<>/Subtype/Link/Rect[108.08 692.66 150.38 704.25]>>
endobj
129 0 obj<>/A<>/Subtype/Link/Rect[68.63 502.73 220.05 514.31]>>
endobj
130 0 obj <>stream
xœÍYmoã6�þ®_Á×b£’HIþp@w“öîÚͶ‰¯�î�†`+¶[ÙJ%%Aî×ÜO½�¾‰¤åD»@Ó�»�i晇Ï�)Òû{ô~�Q’— Yn¢ëeôSô{DcšæœØ¢©GÚ0¼Í;dg‚Ô½�4¼�U$†7e¨²æ�Ë[™†©
ó9*ÞÈ,þ™�'�×WœmÒ)OS�'¬ûpÀDÕÝ‹&c—v‰œ"@‡ µÂaô�í–TÇ
ùÐ�ï÷ÛGìöH¾Ý7µ�Ý9&ˆ“¥ò!à,w5¹o›¦}Æ�«ºšlê¡�˜
©›¾~ÞÕðh$�ømÚõã¡>�2×�Y¸>öËM"&º|ªºË¦Ý^�ë!ÉÔß›Ã&†G_¿•â¡Ý�3Ñ�¢ß�/×gMØS2ŸIÓ®«&G�ó�8�W�ïȱ:ÔŸÃ ‡m ÷�ô/ýüìcüûªß�õæ…ÔØAÃnœaopà�~Û$‡zpK�¯¡‘f��AL�Þ‘ç~»—
ùŸöX¯†¶mÈÚkÍ{è©y�aõKSÃqèÍd6†þ\uûö±'�Uß?·Ý¦G†úðÐÀ�ÙKžR´�s…S˜±ªëîêú¿o�$°�Rî�ÁìêÈ¡µ�«Ç ?~a`‡‚ü©ü¼�"�&Ãýûhã7Îøº÷Êïµ�htÕÌn°eÝ¥ ÿ€Â‘¥Òhì§9ËR–�„FÌ�»zý�®$8AzX)�gHœAái.ãÙ¿¾"��êS
jŠ½#�m?l»�jˆDíäÇÕª{<�1_«–¨CÕÃÇqFʤ0“)”ï�clÝ~×>¯6‡~¥†€è
™ôu÷d�ü!»�É:üÄ‚sZR³�Žtÿ��v�8�…g\¥�W#Ô�‹y�°½OÕÇ•èëã7wËëÛÕÝõíÏ×·�ù�x]T¿5ó�a�›z€7ß|¼¾2òûk
Rç1M
�'¹�¼k›Íªß.ÈxýåÓ�W«»ïV7Ÿn®çÁæiœˆ)Ø�ö®Æ¾J̓��;æ�n¨ºÁ�ý�>;7í�!°£��ž,RA�Ê’y)²�®d1-=´[EÜ}§÷Ÿ³äâIËï:\^×»5™¼&Tðš•�Ïf~Ÿ˜ëÓ÷�àKNÚÿ7G~Œù)ú�ìü�î
endstream
endobj
106 0 obj<>>>/MediaBox[0 0 612 792]/Annots[125 0 R 126 0 R 127 0 R 128 0 R 129 0 R]>>
endobj
131 0 obj <>stream
xœÍWmOÛ0�þî_q_&¶ <¿;É·mÚ4m��DBÓ4UUë¾@š”$�ñïg'¡M��wB�©ªØñÝsÏÏ]Ó�ô%F�tÈ �£o1:C7ˆ`µ„;Äà§]¼B”À1úó—À�‰�´�°@R‰j”T#�`âÆv¹5¬×gè�¥ˆ‚ûäS$4��(NYƒR
k˜#Êu@´ó®¬úóÆt†&Hq ”
ÌC�#Âõ,©f�3gi6£…� X�ÁÊ~�GëY¼�3é�p¬D……u{ná>v�ú�õœãPwHUŽ
|µ¸ØfÙÚSã�vøö�¶1�;wÙ½èÞ£Ôß{çt5‘ˆx€&µ}ý Y?`5\cßÝ99E®U×ÒW[v�1Öt^ƒoƒ��÷±i¶Uûé»�œ-U
ñÄæß-PÐsÓŒbm+zÞ'Å 0ùÊäчøÊ�ø�žÄÞhå9^�GÃë�ž¼.Í�N²�€�ª"É"¡€�[œ½ëô—WX�J¬«¨�ŽL��QCHD ¡�¢GØÕu’¥Æ/DÀ°
;1–ót�„åptmÊ�Ê|˜�‹yYšñ¡}œ›‘™¯ÜØ"’w�$YQøET!VzËÑl´Ÿ\J…•zœLþr2™…”؉R0¿XÂÊSî5©œ¸‚xHjA·h´›TN#[¡O%õü[|þÛ/2ÕØöãgDʶå•�Ž�¦\Ù�¬ü‚¹�H÷™X�RÜUMnÊü~°(¦~CÚ›ì��ÀEÕ{à`sV��\œ~†›[“ßÃ�”ó…ÉnK¸�ÎK»A˜d¹_4%±�zÑrS,³´0‡5w‹ç‡%�–ª©§kõ•�Uò�Kù\¡n�Ô¦P=õ$™ÂRìUOÄR¬�œÌ‹r°4éØF�˜•IËÂOR"иNP£‹ã¯Y:™Oos³NÅ�]@êˆùõ5¡��µ–Ý�ûù(jO¤ËvfF×M lØúþ�ðHJ¿ÈV�BíÈ–[ýH�¶¾¯�ÒVƒ_dÆ°�;²%!�̃oíêˆø±å¡Â‚îÆ–�¶ÝW.ÇâtddÉ8n:ÇÕ&k™²ˆ{’ÕÄý�è‘}�¯®ÿÃÂùœ¡uä�
endstream
endobj
132 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
133 0 obj <>stream
xœíXÛnÛF�}çW,â<$¾¬¸¼S@�äâ´i�»‰��E”
4¹–˜ð¢”]÷¡ß’OíÌ^(‘’m6q€<4F`�¹sæììÙÙY2žN�“ø¡E&‰q<1Þ�Ÿ�“š¶ï’+Ã"¿ÀÇ��3ÉkãÝ{“$†��ßqHn¸ž#ž2ñä�ÔÄgø¼ñ(¿/ŒßÂ`�ª¹áø4ôˆošFÁG sÄlŸ1†ÞbTßVC�Æ…áÙ„�̤vˆ0NØZ™°¼0¤–��ŒÛ|^B�“:Ĥ�ü�Ú˜�µ\xa†Ôs��õ7m€Ûï�ôGH�É„~˜pV!Ô€ü¶ñ�*ç°Ã½Ç¶‹½� Ëv�Ä�½~>:«î3…fjxS75¼xá›Ä“�=s=�W�µÚêqCy›‚\Ë´G�Òé:�ꨥV†L
ó\ê0¥˜çvÐnñÜ�(�‡�tÂ6S©…Ó:÷¾«Äz�e^ѦlÔ€ü¶ñ©µ²Ù`Ý%ÚEÞåÞ¡z7À�µ^"v(Ƶ™Æ�úPv«�æ»�L ¤k¶£ïC.Ì‚Õöue†L
”© ~ ÓݵÚ7Ô›�@eâ�l.k8m¶µF;÷¾KSò0í-V›²i�åwyõ&º®:ë�tI÷#ì†èP��²ƒf/9»
�TF…/e#íVFxЄ�N:l½h=¾TJߦÀ~ �“à�æF��^àQ�� M—Z>Ä¥.œ8ƒÛÝ�¨ãk#6<Ÿ:VûÍ£®×z)C Â@eúÔ�ˆö
°ÚhDaÀ@�M˜š‡ðêpŒEöÕ+ߦ6[Óö-jyš6¬Y�C<·¤å�ÉK¹(CÀµœ}‡Ú¾æ�UŲZ!Ÿ�óa|��5‚|Tžóèš�eƒ±aÊ
$8:Ï8%Ÿ·¢H&šk”Õ%YD—œD¦ºžåõ|L.R��çé%r…¬
cermÁ*ªë2N!PB²r�kR×Ñ|
ó¨Ç�J–ÖÍlÉ‹�XÌø%/�™óš(CèJ°oJœú²*c�Å“a‘L›J1=)®;QÅI�/x²ÊÖÂY¢p0Ï)�Šan¤àå$y‚�0Q°�i¹ª‘�$?ﬥµÍ�6¢‹çš�Ö‹(Í�ä�—3ªõ>:“뻀7OWU�t¦`5ÏVç�xÜà¼ß<#ϲ(ͧï˜6�t¡Nˆx§rVoù2ƒÙŒ•ë7(ë·�.—Ùx²#£$¯âE<&GUY6GäÝ?ïÉæŒnÆ0Ź‡�{�Pf°�yÙðY%'7�ÄNHò8 K^eäh "�ý¹7}4ÖûY�G™O÷ɸ̗óúS6žNÏ��!ÚaU_× òCºÿpúx4²�9J‡Å„N†…"èˆ7ñH!Ñd$BP¬^À »`¾b_ó†�ü5Ì�Ö“É=ðŽ”�É{rÖ”Ë%ê�‹¨ˆAo’S2&Š]B‡AÛpIt»ÐQÕÜ�4t%ÌÙ±V'Ç�ËyþúùìøäÉÓWÇ?ÀŠŒúïšjŇ/��ÆÌ^/PÂ/¢UÖŒôÎ��b‡°=Ø�º§¿M^žžœ šúùÁÑŠœC…y€�I'(¾�‡E� ‡ûïj°¡Ï3¥�ßQø·¡†¤Ì#¨ƒx¬Šã/9���ªáU”Šu½€Â´L��`��•)Iù°¸®OM©^ŠR�æä8ÔôvêëV²Ã$fÛŒš»Õ«×~Ü>
„dâÔ‘«²nÒ®ª�+U‘ijÁÛÝ6]jZ[PºÝ™Ao5�Ç
-ñ~»è�L�Ñý5òe�¯V9âN�?Ô%Nª3®Ê�
–(Þe5lÁ-?TA“r†�ûªž�Û–çÒP;CÃ�G"1‡yº�öÙÛs•õÿ•6ðûÀ”U|¯3G½�£%ô°Ü��Ï�ñéÿy�Z–GÃÝÊ»âçª÷��Ee˜ô,SüYå«�Y�çc¨�Ùoy¯���{[�¿Cm!MºÙuc:xrH¢"Á�¦ «šoì�ì�…¨°Ó…n�
Q,.�¢µƒ6¯ºn�˜ÎsØ.ЙB§�}òd�÷�èîîn¡�”�uú4ÑGN€¨ºK��,9q“–p18/W
Éê~�{…³Þz³ÇlRd‚�TOSt´H¬ï0ôs§M»÷kïí
€b¡.__,"?Ô÷¨½›WlXÏ�½»T´ð–�A�0þ
y~?@üÿ/,}*èóÆø�«ÝÇœ
endstream
endobj
107 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
134 0 obj <>stream
xœÍXÛnÛF�}çWìK‘¶ˆÆ{_’on£$h+�±„�EQ�‚´¶�S¤LR6ܯïðb™”iue¤FV0Ä!gÏœ=3ZúÆûeæQb�NfKo<ó>y7��*Œ"w�'¿áï�£dâýõ7%KOúÄHIÖžÒ²¾Jê+é�®ñqç²y¾ò¾x©ÇHõɯ˜m,é“÷‚0¬cFf—¸
Õ�FŒ_Í2œÁr_{?’vLN§³ñE4�_|�_„õåº�-V‹Ÿf_«®p�Q�
L�ðìt2~GÖó¢´9Ydée|µÍçeœ¥¤(ç¥
ÝpuP º�¼Ê’eT\…äq|<ÿã]4ý�ŸÝ`�Ö‰�‚ÒùÚ¶ØgYjÝà¤��àÊy^Ïc„¼%$ Ô��
±�9eÜ-„À.%‡Bd›ÇTôCÈ#C0�Ødº!r»Iâż›—Ûû«|ÔÞwƒ¥�4ëÁ6� ÝQm¡�œÂ/�ÔpÅ*»‹�)º)Ji�ÊïÓéíz;Ž^§R�T_Sì£eœw°Ol¹8ImÉåIaó[›�·Qi×›��S¸…��¨¾æšb‹æËen‹¢
É%Õ!³”†ŒR�²0tSƒâ�”�ÄOÊNŒ�_¼�Ÿ Pü�µuÒ5Ë·nE¨(�Õ×Ù?XÀÑ"Û¦e�P�'8i$È �wÑð#Ó�¤Ò˲Öñ¶pÓÔ�d_wUƒ_'dp�ìÛ€—[h¡@ö¥²[Òxvñ§��
@6û•�Q£\·•‹@ƒl6æàŠûÍ‹‹úuóz9g‡‡¾„ݲzDë�†‚èËd�§(`E6óŵ-�Ræó´XÇei—oñvn�6¾®�‘þк‘$+Ü
_(�Âß+œ2¿Ö®-PH BïéaZï(yÓnÑ›LÏOÉÍÖæ÷dDÊxm³mIîæq‰Ë#—YŽQ‹M–�ö[PÁ@ì‹°&Žxn�Ì�!w:£‰‹ŽðwV
ëèüw·°TàOU$þ[E�!±ôð$'Ýš"ÇÓ`¯©&n��»œ�ì™òüÆ9åZ���U&.§ŒbM�¾��çÚ-˜�ÀÍ«&�_f¸îfuX¬ß:«ÜTï��”úlV�•êšT&QÕ¯™Tæ#»¦6’¸(£M—�1²·6-�„™QДrÓ_WvqÝö¾f�Ó[‚P ·Àš�k�ï|�g2�ÖèvRŸ¼¦“x䟵Øa�¼�¸EÆêbúH¶\�S�¹u¬�dK}·ÈxŸÉãØ��˜‹�\�¢�)s
ìcïbÇq5�XŸjû6mwlŽ8W)l�n'`å�}"Ùïæ_�/!RÍùäý�õ�‡�
endstream
endobj
136 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
137 0 obj <>stream
xœÕ’?K�1�Åûù�S��“ÿI+Ø�X�,XˆÝ¡‡ì�œ_ÿ2ɺ›DÔÆF–…7™7?^È\àn�Æ4N�¸Ÿ`��`b��~€Æ]n¾b|€§gÆ�؈ÁZ<󶨹(�‰Eçv#kÿ�p�…ò½¿‚
”D�ïÞ½nP•Äú�ÍÕ_�æõ@WÜâï«Õ,ï$�¹n]³_íÚmËXãüý�ÿo
™ÙÃ�~$ÄÓ
endstream
endobj
138 0 obj<>/MediaBox[0 0 612 792]>>
endobj
139 0 obj<>/A<>/Subtype/Link/Rect[247.99 675.71 364.91 687.3]>>
endobj
140 0 obj <>stream
xœíXÛrÛ6�}çW`¦/I'B��¼é¡�'¶�·µÒŒ•éL“��¦`‰ /
Eq�ú-ùÔ.�R"%Å¡SåòXÆ’‹³�ÀÁ.à�ÎÓ©CP�149gSç¥óÁ!˜¸‡Ö�C¿ÁËw�%èÒyý– ™ÃC�pŽrÇó¹ie¦ÅCLt�^wšöýÂùË)�ŠôO5wx€#�E�¾,ŠiZ˜�u=Â\ÝÛxíÚë¹q|�1FBì‡�†G�+3–�E˜10À¯ÛÞzi�‚9"؇ßPS»�3ÄÌÓ�€ˆk°pе�îç>À®‡µ5™(Ø!f:7!�‡ü.ÿÞ�›ÎQû�Û>ö!€>Û��{ôv磷ê�5h4
[xbü›�Yû €!�<ÛaÇܺëÕÓZÝè±£¼® ·2Ý!¤§Ópè6KÝ�vj"ŽCnç¼Óܸ�–Î×àì´MÂí´µf+›Mç÷ÖŒ<ìE}>]ÉØ×ù×»cÚȥ÷O±‡z sâ7»ï’Ú�þ�•ø.i‘‰õ&-²±)á�̺ï˜�ïï•ÈÙ ßÏäˆ�ý=$�Ò?zq�v#ä�8 л±|ìû0tì¹Èó`+ø!æm&Ž�`Κç>öüÖݶ
�8Y+ÄA€š��Ö;Â"™6xÙ�ÆjB›�]R‰Yrû„3ìoXrŠ=Þ°� ùQ�nÛ-Ïæ¡Óô°m
Õòä®�í�º£-”i·<Õ�7=:¬’¦~ý�•A5|î–À„¢é
ì,½x@%4ÉÕå8àhš;�fy=J�É�ª²T#ôúŸ·èáô>�|�ƒQ�0ƒñSÛã?ÉÊ„£ûá�Ç�LÕ×±NP!ר’Ë,M�Z§Y��ä�©�]K”�µ�Y�¶¨ÑRV_�b€„�Ò©��1}†ˆ�(×õÕõ9Žhkg[Û×nÙÖ×nüõ*~|Ç·�Àéå�º�µ’�º’ÕGøsaIo©væƒ�ž��ú§�îJ’÷èﲨ(�ú³*—b.TZÌ�¼£çŽ»eáSŠCKí3ŠUYfè�T/Êu¬�Ô9Z/D>ºÎDŽËj>Hk�TûÐ`¢æSˆ\ŽQçÓ�ÅÃPC��Q�Vd*®çñ�}�”‡���}Žb¥ÊxVÔµL,عÈêhà�¿‡–¨´?äéb…NVsÄ4ÊØ£cÊ�#”
�À}ý§�`&3©ä,�1Vj|¯±»n›NZ09KUœ•Éû–ñ´Z
�c¤Í+{` ¦÷²�߃�1�¡�–�I¼Z΄’õ}W…Ãé'è�R0aª]™³Ó‹iüjòÇ‹g¿�ƒ�©.6»˜°�BµS7x´�J¿O�À®oï��åÚïK0?ª�¹.‚} �°UÜ^€¡ªá�2b_‚•¼‘•,’
ãb¥ÔíÈ|?9™œLŸ¿˜>�MΦÃ�P_�9º�z‰BD!Ô¢T‹QZ@z/D6�™¸m2ß —"®e•Š¬�דJ"Ê ��éFúFÒCìhÔ|^Mž½˜œ_ü:��Ê—×W骖±XÊOqÑl£ÁK¥Ë«×Wéç4ND1Kõ®ŒÓÙ�º²0�8VêóØ�œ�Ù~î�ç†Øë«ÒÔ±. %”óp��óô�r�NÝ.7Ëqz[œN®t ¿º��ÊàìçÑ£
™…p¢íך…(沓5æ•(T.žÔ�‘•ùH~R¸Õ8nU�©�ŸÌò´��5p1î.qçU
‡¤%‚´¢ó‹7���Î/Ì'ú|vg�ë�€ìÅÆ”Ü#�œíx_yËã�€c:÷ö2ƒü´L«6J0���§uÎ÷ `±Ò|•[,`vÑÿ]âl�«›�‹š�VÈ°£�…�(ßωÒ+Y/l�Æ�ðB†÷G^IUmä�
�9…[�ícuGž�¥�rmvŒ‡ç¹H3œ”ùÀqÃÅØ
ŽZ�(Ü;]�R©l«ÓÁ‡�êÂõõxÙ‘Ò�»‡²c‡Üv™Ôí��QS.Å-\"áê(®Ë�£/ÏD¡¯•‰€r7C�»Ã:€���ž‹‰ñsX}è(?ÊBÕè̓\�+¸êÝ¢�û¢¬�ì�YÓZ>BgÖíÃJ®d{�‡ó*:}úH_fó´®Ó²€‹mU^g2¯5Ó›2ËÊuýæaïº÷ÿ?:}^:ÿ�+sc±
endstream
endobj
108 0 obj<>>>/MediaBox[0 0 612 792]/Annots[139 0 R]>>
endobj
141 0 obj <>stream
xœÍW[oÛ6�~ׯàã6À4o¢$?�M—�íÖ¦íâbÀ†AP,ÖV+QžDÇIMê�uqDÛK”.�*#ŽŽÉóñ\>žCþã=Ÿ{���CóÔ;›{ï½<‚ �|´õ�ú��?y” 7Þ_�”z"D�¨ð|)š·¼y�!&ö�†�¯íøÊûÃÓ�EöS-=�àH¢È.Ù¢4¯-Ì„rÁY`µ›Yûr7uå}ô"n— �Ç"²@ðÝ y#H?²�y7qOÜMµP��D°„¿Ð�x7rˆ™�2ÃhÑ‚èV�´Ÿöõ÷¦´¢”��ôк� [¤›SÜ£â8ÛéGCó]‹]ðcêŽÁ÷��ZçFÄI>%�3�¦¼��5¿—ó^–2jѺùûòn¾MŸ¥ìŽ–���yyËÖ=ƒ$�ï��²Ët'´q¡$À²�f
ßw“Ž°ç�À6n>m]‘¼ñ´�›Ð�•÷Æ[‘��a{�
IÓM(îšï¸¶cÌÀj×P�ù˜ºcêý��¦í�ÂIP@�,Ázì– ¼#�¥A�ÖNß�w³¿•.�Ùµ†`�ôã!¶‘ê¥�û°!#ìs�$–�ÌІ§��ž„h±Ý˜Ä¾Üiu‚�„y�a)Q§��ú´�l�˜Ø.ÖŠ½�ÖÐÂE_)�{?K�Ÿ€$ÿ+•Ðø¦/€dÐí(š�ÆÙ�ˆf£�pŽ#�Í�ï‡wª*²ºÎJ]£uU^檨Q©‘Y)T$µQ�ªUu�ÿº�§WI5ͳËée¦Óiz£“"[ 4«Ô”Õ
š zUnò�]ª¯?Î?Ù¶û�9jü�‡þÙZåÈÇ��ë`^£ XsÔìigà}h!³dµhiµ½®¶u5¹F�Y(¤•a"-RÈI ˜@çå�B�"á�(}çªß Ï\Î𣜱ZL`ÑræK©UlÊ2G?ÛdocûC] í*)&—yRà²Z�Cûß ”öyBÝ�!R34x�T<
ÖÂ>a=J’›¸^Æ·èç`ó8°�¸D]°)ãT×µZ´`/’¼�‰��—�°…É\ç«
:Ù,�³ 3ŸÎ¨@ŒP6��N;P"‡�¤*WF¥qm’ÊÌ�亘‡�˜J3�çåâsoñ¼ÚŒ�ƒ¢Ãåq0`Óg¥g�°ŒA'ð�°L/âÍ:MŒª�œ�høÜÍJc�DÌô©9;}5?œ¿~ûËo£0E$0g�˜‡Äô±�í®�)æô�ØåÍÃÁ Ýr�«xT
ß·ÇXgSÃNáÎ�cY#àt�w¤!X¥>ªJéÅÎb½1æfÒ|?;9?™¿|;99?›[€E˜¹´tê„}�˜UiV“LCCÔI>�™J[Œ�ä2‰¡fIÞÛ ’ˆ
BÆA�Ž™KÔ!G›ç÷³‹‘®óˆØ¾0DÛÔ*NÖê:ÖÝ&�(�À©Ô¥è—,^$:Í잌³t�ª,�ÇyÊ¥Àl�ÍbÜ>�Aƒ–G]J6Ml��·/!Âqpp�¥Á!œ¹YïRqz£OÏ/þ„Ÿ/ÞŒ�¥�SÿÑ\fQ„é^§Y%z©�%cY%Ú�ɳz•äe1Q×�÷�Ç=ç1�p¦'i‘éqˆ�S~wƒ{QeèB��Muñg~4¾º°€cJï._Ã� v±�%�X��ž.þúqñE€ItP�Ôõ�ÎÐÝ*A:�Š�L‚�(ÈUVlŠ�KŽ,-ŒQLä!Ö°�êš�'ȸc�ƒs(9,ˆPÏ+U¯ÚE˜X¢pÂ'â�–©vôŽFºNá|OØ!ÖÐõ"1pûÙ6;ÆÇË"Ér¼(‹qŽS¸Ñ�ú¨€ú‡¹2&¿eéèã�…��=^m¤ÐO£cµq`Üm’Ÿä’�8P…ºfôuhõñÉ’ö�€ne/¹ÚöAçjcJ¨žjñ�F�Ó8Ô6^´,UmGß}xþúÕÅ˳S´ÍÌ*Ó �ûp�§QŒ¾æu¼VÐ õ2VWJ›úénÆßÉò[Ì°:ï½�^*+ü
endstream
endobj
142 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
143 0 obj <>stream
xœÕ˜[oÛ6�Çßõ)ø¸
3Ë«$úahÖ$èÖ%E���6�‚b1–�]\‰Î¥Ÿ~‡’툶‘ÐCú0�qD‰üÿ!�Ï1ó%øy���)†fYp6�>�_�‚ $º��ú�^~�(A�Áßÿ�”�"F‘�¨
d(ú»²¿�1&ö�^n‡÷yðgP��ÙŸv�ˆ�«�Q"âx�î�Єr�rjÇ÷ývÛ›¾yp�„�EŒc¡,�>ײoL�‰�Žl_è綶�-…`��á7¶òžÆ˜Ih3�‰žƒ£Q�P?8ƒwÞ�ÍA�á{ªúák�ÛNÕK£v�]CÔØ�Wô®…Ã�Gº�ä€ÌÉqB ¢=ò
Ÿô½‡v¹i�.’�n�°÷`;®£ÜmtŽâp�žOA;(úFŽþ�)�Ù�˜�ØoÎa¢`�R4»Y³/(²@α’hV�ßUé#JË®A×�:}³*Di‡
ƒî‹²D]ÞÜ#“k¤ïtm:d�”5ðÊäýÓ¯MadQ/Ðru]�]®3üýì³Í�ßhNz·ø¾[Ql;‡Jb�õžYé‰�ØUè>O«Éu™V¸i�k}/€b†E؃ÐúªÓJOÑèr¨Ø��*,¤ƒMK“t‹ä‰~ šý`2Ä°ò�leš$«»NÏ�Ø9,®'MÀ^g�mn
×åY¾B'«�b–2•tJ�b„2?��R$u�dºÔFgIgÒÖLòFØu]g…IÊf~»�>>>/MediaBox[0 0 612 792]>>
endobj
145 0 obj <>stream
xœÍ˜koÛ6�†¿ëWðã6À§¼ëòah–4k×ÅE���6�‚j1–Z]\‰Nšþú‘Rœ˜¶—ÐC�TFlQ�ŸóR|yHæKðK�`�Æ�¥Eð*
Þ�_��˜…�Ý��ýfn~
�F�Á_cT�o�§ýÚ�&�ˆè0̸é³j“#”
ÂmfÕ.²õªÈµ�Ží�Áb�®
GUæéMϼ:{“f�æ¿¿;}ëǤ��ßcš~ÈõæÝù7—0�ô�ìãíñ0ŒA¸�lžÕ‚<
agP›‘Â�¾¯kxÈíêe�Ö«+Õ«vq/¸]k};�¿_žÌOÒ×ïÒ׳ù«Ô/€$À][:yÂ�y›ë²Óå¬jÍœÒæµ�ÙLÍÜõèÐåÙ ú*¯ïàöâجZ°�’ àî«Ýöèx|˜Ÿ¾›Ÿ¿ùÕ�H)p×¥ëAeùJ}ÍÚ»qäßWfíÅ]—~«²EÞ�•�–YU$¦*"¿Æ²X�'»8�y8ŽÁE�Ü–ŽóØ6`b:Í�b`ñ>Nß®î{ãì¶=›_NË&?(çÀäóµ˜�`®[�eÞ.ÕVÖXöy«›üåPæu×ÌÔW
�“ÃÆöÐ*ýâ¤hªÖ/¬Yh2þø�gW.—jeV¥c~�‰™f¼ó�Ã��}>>>/MediaBox[0 0 612 792]>>
endobj
147 0 obj <>stream
xœÍX]oÛ6�}ׯàã6À·üÖÇÃдIn»Î
�l��Õbl5²”JrÒô×—”¬Ø´„�2 4,‹�﹇¼‡—¤¿xob�#?¤(μ³Øûè}ñ0`æ�tïQô›~ùÙ#�]zÿü‹Qæñ�ùœ£•'$ïîŠîŽ�€Í½~½sÛ¿_zy¥GùÔ�û�JDH�à
Lß�M�£”…ƾk·_�Ú.½kO2D �ÀC�¤¯Cèj��Rð�]Ó
ʶÁÀ��©¿á÷$j�T˜��|Þa¿[×p¿Ø�û-úzÇ�³}jùÆÉÐdõ´‰ÝÑ
@hõ`ó�þQ�›µ�È!Éý‘±Dà“��‹Á�îÛ÷�ŠáÁD�¬�ì-öë[��I#ÞGîHqW¡[Ýö”þ¯®þH\02�=ìz²¿:gˆè�NP|ãa^�ä�ÆÌgU¼ò~¢˜ÐŸãÏ&#=ŒÇ’�¨-ÁÕ‹J
�Ô·'µž*Ìràª�ªxÔ–`®UÊù#ãrݶ�“îúúdz�_|ˆ/&Ó³ØÍ�õÍiiו'LIË´]Vír’—zQ)ÓÂ
YŸ¯¨Ñ¦J“FÕyZlÀÍ âp춋ÕÍÚBÝÕhWþ¸zóþÝìâìÔ ‘�ú°hËtݨ$½U_“r3‘œƒE|�6»oy2Oõ^ÙLË$Ï"mIƒÀ³DR á>œ�Ù–1p<�b˲[Èv� &zUvƒc�ˆ<„k�n�ÃqúPžNgýIÇ
T?'üź�ú@ìxÌ—i¹P;icQ§e»J_oO�0ˆ��ÙC©ÚW'Ù*/¼���yz‰3�—™ºÕ1éò‹ˆôaÃýß��äéôuxHdîð"�l«îv$þô¯Îábl>zß�iöÅ�
endstream
endobj
148 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
149 0 obj <>stream
xœÍ”MoÔ0�†ïó+|�$�ÅŽ9"Á� ¤J‘8 TEÝì&Uì¥Y£�¿�;NÈW¡�âÐD»;ã™yüN<Ù;xS�%ÚpR�àm�Wp��©Ð�¹�NÞ‡à-0J>Àç/”�@æDKI,dJöVÛ[2G�í�ž™)^Ã'pÀH¼»�HF�Æ3�L²�è%�,“"Ö÷ykÌá�J�ž3†ÒDPø�½¶÷�r�Ì5YSF�P”„¢
Ÿ<*û+/GžÅ�ŠZö,Ôs?à^,�ëŒä�4z!ª/�ð}Ðþ)sÖÓPd�zW
çÌmñRÝ£å+IëÞ��¬Y"Q6¢iÊO�í¸ÀxÂ¥ü¥7%ÇsŠCù{ðf#6Ÿ¼i�“œÿßàÓPAI¼Ãc�/î«w‚„(e¤8†ç��Œè<–i!cUaá��®Ë¹¼®¾mºêuZЇçÅm|é�Añp�|ƒ²kì7›XŠÒ},�~Ø–åJ;ª"î°q¾ê\ÙbéJ_Ÿ}®ò¸k�e2Ô›�ºêØU—:íÁe½�•sTæ�–ï~ŒjÍÎΕ2¨�Ð5ïÜ–Þ×Õý©+Ïðd˦ś³ÝÙw¦P©Í�—ªkÊvØSÆ©ar¯f)Pe�¤÷#/\�Ï®Ú��á¯v9‘?Cíus˜`Œ2)ó�÷4Þ·Q�k®à�Ý�†Û
endstream
endobj
150 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
151 0 obj <>stream
xœíXÛnÛF�}çWÌC‹$EDï.—7=�ÈÅIÖNc
Ð$�hqm)áÅ!);îC¿½³7Š¤e‡±k �•‘ˆCÎœ9;;{v©/ÎÓ¹C Œ�ÌSgî¼u¾8Ä%^èÃ…Ãà5>üäP��Îû�R‡G�r�¹ã�\]eêŠG.‘×ø¸s©Ÿ¯œwNáPÕ©ÃC7�€z,d�F_k õHÄC�¯ü†¶õ]9'Nàç“Ðå±�Âÿ•)+ˆc—I_ôë^o½$�q9�7À‘dw#fä2_Þ�Ü+,7ìÚ�÷K�`è¡mI&��ÄT°Ia�ò›ü{#4Áqû€m�{�@Ÿí�ˆ+ô†õèM|H��C�O”¿¹‘Ù�!‰4ž��˜[w9{²]Û–ì4_·'·: �{ÒÁÇ/fgÛ�º:>ÃƆq�˜ÖUw‘Z0���Ã�óžb7�7�µfº-vô²
gnLÛ´ÊÈœ™|Êé–”1mêYË…º$°ÑÚOå�a—tƤí^|¨�ú96v;Å�R•Ì¸�Lëm
J¨ÌæGžÅTå0v;¯¾G4ˆõ�ÚÖÿÎ�‹#æQ$åB�È�zV'�²�#½œzFë¶[�®ƒT�“6£í"hM« mðà¹6�
â
9u5Áºä7‡ôGØêB‡{Ÿî�}'@ò�ˆ«��%Ù!�<Œ-ºj�c·Í3 °;�šö�Úÿm›ç~Äï6L�È?Y�âz¨Ñ�w¹Ü*é¹^ˆy]�w���"… rq‹4ÆÒ B�`Ÿ�®�´QÆPˆèhLßEj6*p=Þ"*��M6eZ�*ªÇq©ªonIÉ [Ú¨@^`iSü²9ÔuKZ?ѼLˆ1�\Ë™1�¬ƒ��γxÚh9kÓ’PQ=‚šó=¨âí›ð?^i?Îjh;��{/< xÒ¤0?A1�(„‘:�`7aÔ�_›)LN«¤hòd�ïÿù�Ýq]�ãs¹�H˜Ÿ «a‚U¹¦€#À8s#
–V�_«I]M¾��[. À ž9�Ës@��MQ·oNx÷å¸{Ùp”%®E`¾Z×P¯Ê‹�6g²Y·ª ï.Ò¼^ÔMÒlj» îE“o�-�ໃE´��Gé�G-™i��×e��ñ��ò�¬§Æ�Ofóý£ÅlÿèÏý#-ÉHk’|ÎF�z�6OÔC<|r°ÿÜ.rÝ�›*iP
@R�ã˜z~àF~�x…²¶¨OÛ}�?¯Þüþ|1{¹8|s¸?�–·j>€]�I.�ö!ÎÔ88|ï‰Ø�¸&©š–è;ÔRµtB ÁÔgS<
1BÙ¸�4´Ës¢<Û–¢›"œ’ïLA¸ÛŸÃJœeëeÒ-Ëùåi51÷G¡²˜JyéÂêù‡îGÎà8¸À·›‹êþ-Åq
Å|f7‚–NoÒÍçûÇéÅÃ#Žîú�î]�l¥—JT÷ôÖg�sÒˆü,ÃÂŒS�Æ�{
²ÈF�’4D]›”Œ“`J�!SJ�Òét\30Š"GwâgM'‡Â÷nOð%ðšfëTk^mÆ-A�…ò÷+'Ìe¹)š� �Žƒ�¨��=¸#Í�f/A¶K
ߣ¸TþjÓo;©¯ËÕ�v~v”u‡×¸ÔøŠ�ô;Å~Þü6
!�\]Š�7*Õ³ã�-ýÑSbö’Ýc½¢‹\‹Ö-Ùâ» ßï¬�k`'‘Ñzï‡òµ›â��ýSðá,Y~�x‚nð$Wçë�ÏÏñ6�^Åú\^# ùÙ¸AVÖõ��J?Î��ÿ¿l÷‰È˜·Î¿ò�‹Æ
endstream
endobj
109 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
152 0 obj <>stream
xœÍV]oÚ0�}÷¯¸/S·©xþv’‡IÛÔ=lꪶHÕTU�´@h’Òu�û-û©³c��ÐÖLUU"ĵ}ï¹Ç×ç:\£ÏmD@Ç�Ú}tÐFÇè��L¸–p‹�|³‹—ˆ�8Dç��úHD …€ ’JTÖ¸²D„‰³íòŠé×Gè�M��÷äC$4Ž�P�«h�ãm�Ô¢œPI]|å·>¾÷�¡�R�(„›¶@"®GãjÄ1cÖ´^Kkéá���@°²ßÈ1{�/ÂLú F+,¬WÇ�î}�`ÝÃ9ŽuƒT�¸€¯�'�y®ìi��7ø®1\ÅÜ�n²{2|ÒúÞ��¬©GÒò�šx?1®'˜‡[ø7Gµ³;''ÊZx+�[UÞRžÎóoðu° à�[fÛ¸�¾ZÁÙn¥Ð�Øú»�
:raš�¬�´'èmR´z£�lýœ™>üÈæ��¨J$K„�F([÷;úþ®}é.ˆ'Ò2Š5«ÒÞG2ATÂ
! %„&4I6À½Ÿ…”Ø•C°°\ÄþÐF®Y:�& aÖí]™²€2ïN‹IZ–¦¿o§sÓ3éÜÙ�‘¼Y¸Á8+Š Œ*–X×5-h«{5~²¦œ&V�ÛjzrÐ>ù�–8bXÅ›e¥uYÙCe¥„c)W¶ùUX2�c¥_´®Ra¥��sSæwI1LÂ��ÇJ6��NM>79ì-�k/Ó£Op}cò;hA™NLvSÂm7-í�aåaÙ¸}kˆµl¹)fÙ´0ûž»Å�â�Û;~ETÛ{õ™�U��}¬Q�TÔ²Q��%cŠÕKêI*‰eTe�§EÙ™™ißf옹™–E˜¢¤dXzÖ^G§‡_²é �Þä¦.Å�×€Ô �»×$±ôZv���Ã�–¢ÉvdzW‹�X²
}�ðDÊ°Ì”cÉvdK¬‚h�Ûí…Ýd+m7�e�‘Æ;–VhE�@6´uuB�É*jÛlG¶Ü¶¦ßáß°�Æ°ðÊùMM§Ì²1|�ó+-ÃâIŒ�Û!¡ý��/<{Ä ´ò,+[pþç���¯ãÏÖÿ°p1Çè�xïÙŽ
endstream
endobj
153 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
154 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
155 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
156 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>stream
xœåVÛnÜ6�}×W�Ð�·…Ã�uócbçZÛ°w
C^q½ŠµÒZÔÚm¿&ŸÚ�’ÒJ�ß`7@ÑÂ0–#Îœ93<�éÊ{5õ8Ä©�ÓÜ;˜z'Þ•Ç��â�n<�>àæ�Op8ô>ÿÎ!÷d�±”°ôÂHšUiV2aœÖ¸=XÚý…÷É«<�ô×\x2fi�BFQ�c×�è…ðS�†�oü¶íÎwáͽ(�‘$œ�#L{«4V”¦Ì÷Ñ@¿ázãE œIà,Âÿ„ØÝ‹™0?´�|a°X<´�îç1À¶‡µ‰L�o�3Á.…sXÞç?ªÐ�§#î[lÇØ·�ŒÙ>�â�zÛý��|,,�ýZxný탲{�óÄâÙ€-sãN§Grí%9�ßP“�¥ZBÔÅ °
6M°†íH˜`6i{=\÷N��Õ"cnT“Jáã/ªT8�=�ý6EÞ��3ì~à3iº/‡V§Å>t¼m¬0ÅTÛlœ”âÍþò�ïQQ½
�|G�G°·�?å8{}!/�£žS×(gØ>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]>>
endobj
159 0 obj <>stream
xœÍX[oÛ6�~ׯàËà�ˆi’"u�6¬kÝî–�µ
C��ªDÇje)•d÷òëwHI¶¬8¥�lE��%%òûÎ9<7ú½õËÂ"Èõ�ZÄÖta½¶Þ[��Û�èƒÅÐïðñE :·®n�Š-î!—s´±„Ãõ(Õ#îa¢Æð¹3¬¿¯¿Ì¢Hý�·�w±ï *l‡40õ¸��Sæ¹ÂWûõºþ¼]»¶V–c#J]™¯€¸¿Ÿ¥zÆ}l��òÎð°FA�¬�% (�E¯(ö�Á>Òº�ÌaâÀ?�Í^5›9öéNÏRk��±íuÄ©ç-ï¼�ÂeÍÖz¬>�°WO�ý¢»U ©É�o�°Ã‹´}!�¦ZGµührXZŸ…KÕúæ�¹¶As”õDøzs½ìhÒžèJ;ÊÞ�:ÇÞõ†ƒÔ¼ÿ½&߇��©?ðm�¦ÉK�ùh±�‡W/)r=m_æ`ÇE‹õäsžÉe•ç)ú •ëüÃ2ޔ˲
«mùtñV�á�`(x\
£·n²’E³;0o'6fžÞŽšçüÙ|1-çÓÙ_ÓY _•ë0Í7cù±2�:>Åâ�ðâÙùô�ª�CQž’Ûm�VIž!%¦4Ké¸>öŽA×y�/ËÛ��ž_/ÿ|±œ¿Z^\^LÍŽ‡©{
r™…�Ùà^Àɘ¡„ƒù)¨*,ª½€Ã 8Çî)E«üî ê0(ÛÆä�ªwi�…]�Ã,¬Öyµ�7ßÌ°Œª<Ö…��uŸÙôÙ‹ÌXÄoC@ûîA>³K�ßmý~/ÇÑÑ5ÏW+(<§��µÏ.ã¤è`Od�MÞ$Y<ÙSÔ.nfP¹â˜¡‰Ú0Ž�Y–
�#„�Ü%ÁŠP�° `fh‡õ�¥…N«�ü=hÛ�-h?`:çu°Ë¢ØšSØ~?dt�ŒòmVuÀ(7C1�»ÇP³Z.4…”CÄhh6�ÔéÇL“úâ�xî›ñÔ*„ÌÄ„÷£ª}.ÿ0îæ>kã(…Â!‹,ÌÊr�úšš3ÎÊq™†;IN�ÿ²H ãì�`�?�N�U•¾�Ôñ1;>«½ £€R"ÁÉO›RŠ�hˆlHÛÄL$\,Ž‰î’�ÜT »0z'«�UE˜•›¤ªd|�¯��Éd§ÆÐì’�še(ÍKs
æ\´Q··$�bIûñ–´y?�÷–tœ€Ù��òÈ’ÔLÄ�æÞ7³$%m0Ël|+ãd�n«õ=��ëmmIè°½�ô&îIKΦ‹™¹�پɱ1W1åǼàMèø��"x°Z�+iÃÉñ•ß�Óe؆ÄÈ°99ÛžÛ�ò/š’tLIÉ×��®lmZhù
Y�Ÿ–›!�ֆζW`�šëÜ‚FÝÃ��h�&)¤Ù*GEù)‹P’Eé6–h�¯Ë33•`ý´€Ðó|³ ³�®F�tt†Fãñûm"+=�wõ›»°,?äE>>>/MediaBox[0 0 612 792]>>
endobj
161 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
162 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
163 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>stream
xœåV_oÛ6�秸LjY’¢DÉ��Ö-�°¡-��(†¢04‹¶ÕêO"Ên³OÓº#)+Š�TjÒb�•�t'ÞÝïîÇãÑ×äÙ’0P‰€eFΗä‚\�FY Bø@�ü‰‹ï�gð‚¼yË #2�%%”$Œ¤“
'ɘ2+ãò@ôë;òšT„ƒý5["�M"à��£.Œ—} ��1‹�ëïìNõ£íŽl�~VADC�F&\x™I*�*Öf(w6>'Fc©X�øN$�øNdè’|Tè
�–�Ì�þb4…o�X9’½ˆ�ž�]�K^d!MN�pN]@¿^~ÁúN�k2Èñ6¯;!ïs´
Ó7Å`û‡]qÛ+'½€9EJPud¦Sa��}<]ÿK±×`g�þð�sP‚ã⺄§y¹
à÷�.�sëØù8vŸ>ÇS€³–ÃrƒGÂ9â�fÏ›�¨�aY’Ÿ~ý§>è3hw�
³2º9è�Œ^·y]A½�³«?¬²�—Ú´Ý�ÈrsU¤7Æy4:5h¶©�ØÖyµ…¶†ËóååßP7?/ßÙ?’�~GŠl"Ï._ýuþ�òÊEî`t†�ms³*Í�6¹.2ÚÅ}È�Œ²ƒq¢8 ‚»Œ–˜Ç&ÿx†)�Ý�¹±Ùyñ�Ò*ƒ½qÌ]é*³�胮Zc‰Xïôú=,œéâÅouµÉ·ûFCn`ĵ:ëJù�
é*
�V£bg%C�)Wпu¥Wm]�ðËÝšt5Ûê,Ÿ¥ûv7Ü·û���Ö§�o9Xy�Æ� Aq”Ø@=K–3¯€Ì.-ê�îž79¼¬�€Ñ¹˜s>ç
�ãb��·>œ�=Ó�Û)Ðr"t˜Ä4�ƒ�nÈ�´œ‡S¡cE¹�Î*33EzÐl¼êxÎÄDh�Ú©6‰ð¬¹�ù�:œ³d"´=-c„÷UóqèdÎâ‰Ð¡ ì�ºŸ�ÇçköšÍƒ©Uã½�ÄŸÒï<=e�Ñ$q¨¯Ó¼…}Õæ…�™8�³}�½ÍK
WµÁ�ènŽÏ˜ñs�*ÈjHá6ÿÓËè�ŽÙ2}¯Gî�W �-O‡±äãˆjnÚØ8ÝåE?õóø�úWb}.È_ì�»
endstream
endobj
165 0 obj<>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]>>
endobj
166 0 obj <>stream
xœ½XmoÛ6�þ®_Á/�6 Qø*Jú0 [Ü�Û’ ¶±a(�C±èX,¹’ìnûõ;J¢,+N©¸Hi�&Mò¹»‡wÇ—OÎOs�#�P4ÉÜyç|r°‹™�è³CѯÐùÁ!�Ý:ïÿÆ(v¸$çhã�×µ´®qßź�ݽjÓ¿vþt2‡ ý)��.ÝÀCÄ“‚¶0M½�º T2Oêùõ¸aÛŒ];+Çc�ú\¡axÐÖÓºNxà�¨Ã^ՌГ±[›ˆÁD
&¾'®°� ÚJìrhxðõÑôÆL%¬' �©3ƒ.—ù�MËHœ�ñ\¶�Û†î�ÀÓ‘�u³?U+(™Ð?M?íÚ©iëñ¾¨Óÿ�šÝèf $©!¨g k�ÚvjÚDø
F3|ÐìFk�µ³t�Ñ[ú¾G�ü¤Qâ�ì:G
Œô�Ü�üÿò-¸&8=Aó�ø©î Èã.†•�\O ùÆùž¸�ý0ÿ cä�L¨µ`(èk ýz �—¡µ
ÿå™ZTyž¢�Q¹Î?/âM¹(«¨Ú•fÏÃxte�SOÝDe¥ŠvvhŸî{�êé¨-·W³ùdº˜M¦L¦aýW¹ŽÒ|s¡þ©ì€’»ì�ðîêvr�ÅÐ2ÏVÉ㮈ª$ÏVSÐÒ£:ˆú ë<�åcˆ�å—û߯�³›ÅÝýÝÄ�) )ÐS‹,Ú¨�÷�VÆ�Å�—ž‚ª¢¢ê���E¥+N�ZåÛƒ©ã ˆpýc¨BmÓd�õmŒ²¨ZçÕú¢í³Ãb®Sd�¶YDÔ/ÓÉÕõ_V,�P��µï�ô³»„ð±ñûN£¥kË‹
�^0ŒˆÆg�qRô°/Uµ¼|H²ø²�Ѹ¸]‚Ã�i£6ŠãB•e+…bLB.q¸Â„†4�©�š‹a �è´êÁ?fvhƆ�Ó[¯�/óbgwNAé0dê$¸ÌwYÕ�#Ü���^�CM�½Ðì�i‡ˆÑØlÈ�Ø��NÕ¤¾¸@'ÊS�Oêö—/�öå0ªL¹ÿÍ>[
�G)l�ªØ«b„±zÃjdÆYyQ¦Ñ^á�Ê¿-�È8{��`$öC�€á„ž£¨ .>æ·£p��‚�8ùi
!°c»”ù.ÁvApäaÇ‚¶I�n*Ð6Z~TU‰ª"ÊÊMRU*~��j©’½®Ã�×�Ci^Ú÷`N}�u�“ÄÊ$Á!9ŸIâ
£±cÒóBÊž%òˆIb�„Å0R_‘I�0�Ì*»xTqr�íªµIÎÎe’ùd�ó«˜ðЧ~ø�yAè…���®VáJ± �|��&%u�q ä2»�‰‡�þš<Âá¾ÛYu�{Æ��<’¯ðHƽá†|Ì# )YB¦¬‰\EáŠ-ÛtCà�@<íŽÀ‘]�œ°ñ·óHÊL&ùâV0È’A�w’s™Ô�ÊNǶe£1� ÷\«���Ã�òŠ“G*½áÉàé‘ÊÆ£=²)Ü(ýoÇ£`pš½>)«ÅVe1H[¨½Êª�G�ʉÉ�³ú 0»ýy–�›F«ÿKr/�E³BvÑ40�âyÑ/8Š�?„<0N4ñMÎx^ô�â›��ñ‘¢±g�È�«G���8ƒ�M�îzã¬>��CÑÒd5»hŸšäb%|T"!##Eë�§�+í¼¯S¢Oß”�‡À>!I-uª�vIª£²½~ÄQ�¡U�,ëÚCT�]N¼Qi<�{¡WãÍ×Ê�ý�¿É²�L2t¹ŠË4yh7)áÆZ�»mõ�å�Ú$e ºXDÊÚöóجʷÔ(‹Q¦*ÊãMüz/eç,ŒžóÎù�õ¦ è
endstream
endobj
111 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
167 0 obj <>stream
xœíYËnÛF�Ýó+.ÐMkD#’3Ç�}%i�5�Ë@�F`Ð"�1‘D—¤í¨‹~K>µwž�²Ö£Š„dQ�†çhîû\�/é?½_¯<�â4„«Ü{yå½ñþô|âӘã�Âï¸ùÁ�|øû~çCî±�bÆ`éñˆÉÕB®XB|±Æmg©öçÞ[oå� ~ê÷�‹I�A€{‰6£ÖÊÐ(�£(�„¾”�b#;÷f^J…§˜F„�K,Õë…\GÌ—k%ÕGFNXñ‰ÌÕÇ\CÌõ: ø$�™®O�‚��¸|åh�Ôq‰`áMÄ.�l<
�¿�'Ž$Ѻ�ˆ]Že‹¨“Œ„=íX8ã"Zµ�rƒ��G,��Z|�´fÄÇ]ü6ŒŒMY
��GÜWF´ü�[yQLÑ>¶Eœfp{¤ëœAg¨
ñ4 i¬+¤b”�)¡‰%q�èa¤
õÈñ�9”Ú44Ž'N$±éA
�RŒ�îéÇÊ_�v´jli塯zL‹� ‘îÑÊ“ÐØ”ÅÐØÒÊÃT�1òCläD+Ã(©)°�ŠV�$$Ž,ChD�£•¥¸ŸZ·�tÄÚ 44®'6�,
3Ú
8Ä:9)ÜÓ•Ã(èˆÕØ�+LòÀ29„FºG,K�cS–CcK,��eÄÈ�±‘?�±4õ»æ×@�K±¥’îÐ�B#z�±B&ŽÛîŠB&mP��׆XJ}su¤�8Ä:9)ÜӥÎU�,¥ÂXd)� )Øc“&�•�X�)M¥ª��Àäˆ�†IB�S
�…A�’„ZÎ�Њ�F¡PgÜq˸C¡
JAëzbc¡ÄĬÖ�NF�÷µcåÎ;�5¶4
‹<±Ì
•îq�Æ)ñ“ŽN-£¡�*#F~ˆü‘h
"Ft{¥�èÙ(Qk=“ô�<ŒT¡Î˜ã”1‡T�’žŽ´g;�á k�kµv8uÒQÑ«�+g~ÔQªq7�ááÚ]‹}de{„�œ�‹²��[BãDÙ0“P�ZéCéôAü 8£Ãâá`�ÀÕ�y��b¸$>º9‰8\-½ï��ðÃÕ�1ÈŸ``a
�^Ša,sàÃ�Žx<�ÞÄG=�úEaº� üDªø)a¡¬H]UíÏù²¡£eÖ´E}þ÷wÐ�õC9-à¶\å)4mu§k¶Åd”Æ$V&¯ ~ÞÁ�õîÊÕ{È«eV®`•-�c��ΕùǬl…Ьªá®Ìñ|fQ�m�yYìá5‰ˆ¯Ú“@õ�öЈ�¡tgê«¢
Y¾Ì÷Í>
ÅÍOf/âp²7–ÎíŠh{'iùX*:'÷óy1ý�㢎EÁÇ*×›iµš•ï![å0~Èêñ¢¼Uûù�‰*§pWÔ˲iÊjÕ�·�›}âà„‘
ŸCo#åí�|næÕý"‡Û�ç*λâ�a8?Ý�f�wXbœ65Ä¢��¼!£ñîÖà\LÁÂ|^?~ªGM=ú�a×`2sæ§�\T�€&‚ðœ¦_â��¾1ŸÓ÷�Ç[]¢2~²³žÛ�xr‰Ís[~��õþ¾¥h�› ÜÝ�Oå³›�Æñ‘"ízàQ÷€¤Þ&�D e|Ø��z�ï07§sú&pæç‹"«ñ Yì\�
Ìêj¹áÌ)gXŽ"/òó#�H[JE#J¢xc©ê%ŒêÙÓñŽÏv3A¹|Íøõ˜è�¸Ëû�´ó�ê�oju�wu5-š��çåtŽßNë"k‘ MG�à߶XµÍ3yÛè�Ì÷PÍöºS„ij.¶'ëJàóÕ¼l`™¡Í>âÔPáèЖ˂`cá�þªVè÷³Ølð‰�F@±EÊÕ=†CN7¤ná9Œ�1…mâY�|ÓVÕÂTÿFŒCùM~»»…BŽeT¦ÏÎÎ�àí/—�¯/^aÖy%FŒV�+G»uµnàÅÅdòò9\^N^¿‚>>>/MediaBox[0 0 612 792]>>
endobj
169 0 obj<>/A<>/Subtype/Link/Rect[536.96 708.56 561 720.15]>>
endobj
170 0 obj<>/A<>/Subtype/Link/Rect[48 695.55 246.86 707.14]>>
endobj
171 0 obj <>stream
xœíWÛnÛF�}çW�Ð�'µµâý’·&nŠ4váX
ú��E®%Æ$—áRv�ôcü©Ù]Ò”êT‚›¼�†�îì\Ïœ]}¶žÏ-�¢Ä…yný:·ÞXŸ-›Ù^�ÀåÂï¸ùÉrl8·Þ}°!·ü�"߇Ê
B_JµòcfÓ�·GK½¿²þ´jË�úk—–�±$�'v�3z
M�7HÐyiôvå^we]Y¡�A�3—Ìø‰Y—zíEÌÃ5©Œ–Fƒ�ÛL¥hcŠ.¦øÎa1Ø,�•¥Í|�Büáò7}4b±7xRBiÍp‹yñ�†‘ŒÇYï>ŒúƒZ �ë´•€�GG)@òä�fß�är=¬v ²Sê;b¯[�9êH�÷&U
Œ\�2�ZÙ0ê;b¯M5$°�€�µ~Œˆ{œìà�³õ�Ÿ…¾©�tÿ<;d‰¯»6^�Jh!uÑ7�î[8Ä¢ÅÁéL‡€mqÌQ#Œš8ÊCÉ[‡)HßñXœÜ·ÑÈC�Éd˜�}Û��íq�}ÛïMª:�yh£ç„Ú†Vß��íǶñ�Àóña|×ò>&��è�Al:}邃�êÀü
ÑN��AÏg^�óÊzò2-JžÃy*;ÞžÀ%oÊ"KaÊ»�jÑÁºN@žvüéü�±²2ë¬Äº•��IK´Xc0 y‹
�îfœß™Ð0�$0š6L?ðB"iŠÉSd�:½PjÁNX¬*h4wå^™pù¬Gº&s•– �k�&f\]?dqØËå½�jþVºãµÑû7ïF/ÖŽ�SlÕ;Q�½¤oº¿0SU“÷õÚ�•0Lh0ÈÁ%Ï�ž.ê%œ>‡«VTð<Í®×Í~d„~€dHF(¸iÖŠšåÓ¼’“�›
¹à�1V”�xùöì�šåÇ|]5iYRã§7i;](OrÚ�Ùµ\~.' s&háš-¿žPÆí(c¾“�bó\š9
îvUd+„"‡Vtˆ²�®D��†¶‘ì�K6R®�«¹À`T¹ž™s?€¥T(�$ã0¢X)"µ:žŠä'Èò�Žóxøp€-wÍáåºþZ40É@W~ùPñá/hp�“·Ø:\��ÿ¾�®s€���6<ƒÝº-�)��¥è$ˆ+˜½9�±îšu‡�ATÔ£)-¥€LÔ]ZÔ’P¼F�&•òV´¹½Æ`F�‡D†³áhÎmå¦ÎxÞß�£Ûf±Q_ÌU¤/
¨yçúy•ã\ó
™�î(µ�Ž~>Âá_®+^w:�SUºxJÌဠ܀阆t·æÿ»>�¾=Â^�±@3‘\!�« ÿÒ=ƒI+D7wÿ¬ý�ØK�ø;Œ.,M�;�HñN^‰nÅ°´û
…>s´¡c2$y6É%a�#‰û�4¦¯Ç�رmGÇAä91ÃÝý��—ù½CÉ;8þ²ÿ�=]¿w�Ý„Ù}�0GºqГÃÝ~*q�|mhÒzuAóJO¿¥@6Ù�y×ClF=�ã ñ/iÕ”x£ÓEºàÝ-ç5ñ�È’Þ~f� Aêƒ3º®á¾Ö[��l—ÓOX�.�ãè—Éi‘.k!�a
�ëb2½;@;tÌ8_`-Â>vÅ££çíM‘ñ =¬R¢lųkX×¼ÎÚMC¯�Ä,Þ/×P⣖øïý“y›Ö²�m�•È±dZ�o�ý�Âò���áC?\Ìyxõâüâ&|ÿ”AOÖ_EÍ?vB”PÊ&üÉ͘´—8�Š5Ïgt5^�Ë5½¿_¡!Hó�ï&ÉÕºÀñ; */`¶†ƒvwÈËÉ¡÷s°Õ•ÿÕà 3o¬¿�>q«
endstream
endobj
113 0 obj<>>>/MediaBox[0 0 612 792]/Annots[169 0 R 170 0 R]>>
endobj
172 0 obj <>stream
xœÍVKoÛF�¾ï¯˜C
$@´Ú÷. øR# Ò"©��ÈÁM�F¢-&|ÈäF‰{èoÉOí,�²,¹ �¸@(�œáÎ|óÞÝkòë‚0°‘€ÅŠ<[7äš0ʤÕð•�ø
�?�Îà�¹xÏ`E”�«��D�ÕRyK)GY qyìÖ×ä�) ‡ð«¯ˆ²42ÀS¬‡éè�hÆ…�6
úÜ!?È®É%1�¬4T���õtÞÒJqjF‘=r�ÊŒ¶!2�Q`ˆ�œ:`4‚6JF�2�ÿ�Þ¾�T¹Ü³„LNÎq‰J·s£ã�‹çƒùÈõŠ=�–4æéN�-»¯��´R‡W·.v|>ðJ *u�]ø~À�XÞB�3@¶9èù|à•æ�F'~Àî¤C�C³ì�b¯ôû�qÛ'�ÿC\?‰��Â�;�Gjþ\B�‹Klûð‘ƒu�‹¨ÂQ+ÈãfäU1K¿ù�fWuRú"™ÁÅ?óUѼ‡'‹Oa�ÿ�ÉD–Ú�é�ü]•é�_U9ä͇&·i
³-¬ÊfÖäÉ6åãpÎàзp·Zðª*áuµ�.€ËXÛX0��¹?~�G´ŠÊ��u�•e±1±qŒp�û\S!�å�¼3"�GÀú>.¬qŒ�&Ç2¢b$Ç·&Æá„¥Z�8�ÇÏAÖ£XD]Ö�ž)Eàšº¾�ý³«Å%BÆ"�ãÞ‡[ìuN9£bÜ�Sa?|€”ëH��ò�6YyeŽ›g�ıa6Î^¾~qŒðçããOO@�X%>7>mƘh˜�ÜZZ�¸¬«âØZ�Ù²Ø`Ï\Ÿpð>?Ñ�|V¤'�kZL°¤í0IÓ-‰�Kl’%¥‡9›nIþ%)‡!ýët\Zˆa�g³Ù=ÛIè�h|â³ÆgË�Pj��[[w �6Éòsê�ðرM‘yŸ®ž‚„:]¦Ù6Ðì—^�òªiž¶Á�Gä„`Uä¨ë,ÕÞC‘•ód{5/’oób•ná�0kÔ(3—¸-ŠHâ[PÍÝ�ï�ÆLɧrö&PY};ãÒá$¼»3ÿÈi|÷èÄ‹"^Aù¾µ€#�•êø�¸_ZFxEãô"ÍK¬Ûª*’¬„Åé�lª�ký±òkøšÜ`5“r�usS.¡úâÁWÐ�€Ðoóí��IãÓšÂ÷Å:k`¹N—Ÿ±]Ö‰‡—gçÏN!-—õÍÆgU9Á9'iç�BÕ_Ê�Û—N Jc#¹É)
ÏØÉÒø±¯ûó�ï^�+�¼>ˆ;–~’k^ÐyCþ�s�ì1
endstream
endobj
173 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
174 0 obj <>stream
xœíWÍnÛF�¾ïSÌ¡@Z Úìÿry�‚ÚN‘�
�K@Q��ÀH´å”"�’ˆëKž¥ÚY.IQr�²²
ä��’f´3ßÎÎ|3K}$¿,��ë�,VädAÞ’„Q&†�"à7\ü@8ƒßÉÙ9ƒ�Q�X¥`C´Q”5’Š(ó2.�Ä°¾&’œpð¯ò’(K�î´4-L�ÐŒ�¥#éý�»}½³]“�b$Xi¨ö0ʵrÖÈÊ�jQF“ØYxgF›#2<¢À#žq��£�šS2ªP1øŽàô×ΕËÁNÜÇ4Ç%*£>Œ u;ÎÃö–2Û:¶Š_Ò˜§�4êÐÕ�h¥ö_a]ôzÖé�Péætþ÷=µ·�%°¼�¦ƒlrÐêY§«È�Œ`¾§öÖ>‡ž,=!�¥�2bË“=�ài¥ÃË67�ê'Œ¦J„ª
åÞè€�z_®�»q=(a�KPûMç]�Që�äA �§hô�W�¢tX�»-b«÷E��c±}ÕöÔÞzXD‰Ui!›,´z_DauÀ�æ{jo}h�Ÿ€œ‡‡ñ¨éýF²ÁÀ¿°Kp?_mªsøiñÁOöû‘Œ³Ô�¤� N³<A0ÆceYlL,d��Ðr��yÅd�´(o¯òË»0”Òq�«¨�0GEž§Ë:]A]|�l�Ê�ß’�ê¤Z&×),×I™ b W�<{wþl�ˆÆ©�òóî|9n.��Á<$ó�Lp�–ê3_�9,³¢JW�"ä8“ä£p)µp¡¬nóñ3i':†>„�:b�=�J�m\GÐÃé µíèùòtþ×›£ã�$>3;*Ý‘q
´”�í¦óH�Ñ‘ï��iÎüUö�…2½Î®–ÉÏ�'½YsqÀuQ�µÀ�n’[H²ªØÉ’ÞÍ’rø7‰ã“¶�{š.�Üìv>>>/MediaBox[0 0 612 792]>>
endobj
175 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
176 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
177 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>stream
xœíW_oÛ6�ק8 �°
0Í¿¢”§a[7tÀŠ¦ñÖ‡ �j-Ûêô'‘”¤ù6ý¨;’’B Ie».º‡Á°Í�ïw¼ãïîH]�?¯�
:æ°Z�ÏWÁyp�PB…Vp�pø�'?�ŒÂŸÁå[
ë@F ¥„"P¡´£ÜŽdD¨�ã´7tó»àMP��̧Þ�R“8�N¹à�7v†�Œ‹(Ò�oõ¦r¯»�6A(@‹(cFÆÝ8·cÅ�‰pŒ*Þ°×0`Jlˆ�Cä�â¥Q¢$��%%�…�¿�¼þ½‡2á„B�\à��Ñà†“ú�/Üòœ0Ý�;ÁL)ܧQ�Vô¡ÆA-”ùsó|ó^6�•²Ñ™ç�qÐv�hfMð°7i÷ “ó^Vœ9�N}"�Úf�M²� áQïgÄCžLò�£•‚™ ÝÞt‚ãG�‰¸cÍ��JGPh°\y«qåQ8øâÄaÑ�çBLx‡tcB/
+ ÆE)ЉèÄN�H4�•�X›ˆƒ¶O¢DV:“v�:y ‘Ç‘³áÔ'â },‰6JFÄÞX¡ã.äD°Ž;Ü+9��•ÔÔ��KÆ
sRõ™ñEÖ7#ò?oPcõq�“È$U(}
ý8‚Ž§„�ESo,°3íæ‹Ïh‚ê ±ïïÈÅ‘ÙÇÀÇÑyò^s¼�'–o•Üÿ��(˜�V�žòËß�Ä°Ú`�6��èÈ"hL$žþEð}³KòªX¤�Û3XÔUÕ.àr¹«Št¹“²-’åºhÞÂ�«�æ¦ð´É0ÖD;“Ï NÞWU¹h«*‡Ûå�©��ŸÀƒ‡©C[˜À<—êÐ�&0¥õáÁwÅ~ÈB��õH±?Ø8A±�g†:I±�Ž�‰: Ø�&w¼×V~AÙžâ&s
ænn<ç€WNnê–Ãû�–Y±Uðk�çóíQjoX‰ÚÆü&ÉZ|
EVÞ´i�›ª†�¯.žÿ‚,\åÉ=´Ya8o‘WY�@ŠJœE: E¶Ú4/Ó�š6½j yWÝ�›þµ��—¬OÊ=��g¡y�4Ú/6]lM›å9Ü™Ÿ²j᮪ÿÙ£å1l�¡5ôW“Ž*�3¶MjLÙ�ÞUí�“uÝìc�y�zzÐŒºéÿï�ßö]À`΃�Ê�^«
endstream
endobj
179 0 obj<>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]>>
endobj
180 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
181 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
182 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>stream
xœíWÍrÛ6�¾ó)v¦—¤3†ðK>5±Ž›xbWîøàäÀH¥”?2E»qŸ¦Ú�@Ф�Ûª¤Lzèx4Æ�»�v÷[,€ëèõyDA§�ΧÑÑyt�]G”P¡�ü�qø�'?GŒÂItù‘Â4’ h)¡ˆT,Ý(w#™�jÇ8Ý�úùyt�•��ûW_ER“4�NSž´0~ìö��,eÖÞé=”ƒî<šE±�-b¢,ŒLÛqîÆŠRbP¥7��Ö˜��"Å�9†xÉH�”¤à¢¤D¢�ã/_�¦LôVB!Æ8EDҹᥰâ8,/“Ö°�ì”Â<
�pbßÔ:¨…²ÿü<ïä<ÈV?Q.:ûýØi{
4s�<�.�œ�YÑÔcxõ�b§msh‹¥+ˆ�õýŠ¸¯“�u€ÑJ) �ôµ‚ç�I÷�jõÇÒ��J‰IÑÝjN¸§°óÅ‹Ý¢ãà‚âi+ôHìÅáä±uÒ®&ïYôbG¢UO;Ò†RPí3(…lÑ\�¼ØñÇ%uö^w(�ÕMɳ±qAâÀY+´œQIbÙrÖ��%„HM�1©dÜ2&U¨ˆÐg�ÒŸ�Ô¸ë8çmaɾ„@?�L‡Ó^¢Ø��zã�[h?_<¡=�ª5Mûþ�\�À~Íx3:wÞc6wcW{ä{Õõ„�
ö�‹��öÑ��)œÏ°éÚ�tâ,°¥K<ð‹èÅjžåU±g¾4û°WWU³�—£yU˜ÑU•M‘¦Åê#¼<ÿl/�CÆ©&ÚCþ�u6©ªr¯©ª�j³j²ºy� ‰ñÖá�ÆMµ\.Ê+8~{��^�_½=9�½Ï~ÏÍ݇—°2õ©÷ÛUÈóÈZ�á‘ßä7«¹E�¿:„¬œÂøô5 bnÛºsîÞ�f�ÎL×°WØä|v~+ó*›ºèNÇG�£I}·l*(ªéMnVk9#RÂ=Ø× àÆ°–[�{Š�ëݶN1E�ñ¸Sk»„û‹mG–Jy¨îÈR
¥�²òo=ˆÓ®–{�¬›�¥t(؃ªœ-®njëD[ï„L«Ò¬"UW³v�înC)!B5ïª}(<æxh�ö&ýtØüð¢‰O�Ö_Îâà’‰tkýÕwì�m…
Ÿ9íi¹Ú[åÙaûÝn�®ÇÓ#™&T;'l’êy2ÈöfWReo¼ß õŠ�OH½Õn� &Lo¾›…¦„ë�µ^¡�¢ô.Z¯1I’´^ç?{©µ]ÂëŒÜ’,Æì£js²ðfÓÖù†—'IWË�´^®ãP°[´^Ž—þP³»m½\‰PÍO7‚-zè.îÂ×`�vÖq� CÍÄÎN
�-Š+
‡�œ=ß«�V�†ÌìƒÎF|‘-�ü�Å¢¼i°°gUí7
vºežÝA³(lª±öÍ—å¢6�Îç¦ÄÙ¦ÆɹÆä¥i`Õ˜å
²OÕmGæ·:lX"ˆÐë�6L¥öµ÷�m��Üô¡¶Ýø©Ó><�ÃI†qÕ0v%�Ç%6ÿ<_cMü¨ýqø:[�x¿4uæJv|‡€Åó�xsWþ„<4Ÿ�Y �scþ¼{Þ�oÕÜûP›¬102Íd”-�û#�Ü€d:¢4¯&YîÄá¹ûÿ»õ»½[ÍYô7lP —
endstream
endobj
5 0 obj<>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]>>
endobj
184 0 obj<>/A<>/Subtype/Link/Rect[48 103.42 96.41 115.01]>>
endobj
185 0 obj <>stream
xœíYÛrÛ6�}çWì4/I'‚x�IÉíKj'Swš4qÕö¡éxh�’�ñ�‚’cM>µ‹��‚–%#Ïä!qlaÅáÁîÙ�˜|´~™Y6„S�f‰õrf½³>Z6±½Ð‡kË…ßpòƒåØðÚú÷?��‹N ¤�rË�¨�erD'Ä�cœî
ÕüÒúÇ*,�ÄW½°hH¦�¸Nà¶0j¬€FŽëÒ©/ÖK¿¡Ýú.¹�x�z�ñ��êq&Ç?�Þ™ðé[�±Ü&�l�à÷Dðº�mB\�MŸ„¾��Ÿ‰@?ö—�¦•��6 ��¹R£k‡|—¿±-½xÚ£lÒ4·6˜î�¸Ãl��#Ç¡#±Ü Ŷ¥·²³Ö�‚©�Sî�³ó�¹�²ì¤×�Y_{_�9`#¢èân¨N6TPpU�ëþ¸sÚ.•û�UÐÜ௻ µf+–nñ`^™~à����õÕ¢�ò]þÆÖ:µôX›DMämË
ªû�îP��b‹\�gÒb+y(»“‹�R�¦Ü�fç}�¹PJ‰ëéìjC�Å› ��ëÞ°sÙ.–ûàdÈ(õ�RlcÔ™XºÅƒyez�‡Pß$Ô׊žÏw¸÷·Õ)¥GÙdiânYmÐÜ¿þ�¯A�¶�…z´Å–ÂÐv'�oj+0å>0;ïc�Åøªq‹0hCÅÄu]⨢6ÇÓv©Ü�(ƒæNh{’‰}vf+•nñ`^›ÈbJ�ŒúZÑ�ù.ckZz¬M¢&ò¶å�Õý�w¨
�±E.nè·ØR�ÚîäâzŽ�Óî�³õ>†\œ0TÕ(â
���O»6ØƸuÚ.—û�eÐœ0Ð
Jl³µZ±tKÍima§�¦�:}h‡|—¿±¯N+=Ê�K�xÛê>ѽËïð2c°E'N�j`)�ev*qð¢%‘´óÀÔÎ��É#\Æ�N㨇üÃi�õ�y8£¶¦‡Ó8žì¿�}Ú ¾°úð
tü
Û�¾v:0›cYŠ �‰\eË{Ý,·žŽÇ𦄪L‹�Ò�ÿò&ʲ´X@�YÙ@9‡y„��üý�8«7¬æÏf�Äkíîg�STp(Ÿñâíìää\!.X\æ9+��?Ø?üt�ÖÄ�Õp�ëÏõbÁxc =$�fØœ»4�'ðŠ¤pZ³¨a0fM<ŽªfÌËu�3N²”7$�ÛvVÆQFⲘkNÐ�ö�̶‰ëJ¶ »‚eÓT'ã1�G5«J’°
ËHÁ�R܊ߦQ1†ë%c·7GiqPRüIH\§}ƈ×ñCŸóõ)C’“A¾|ê�OiFË�š%ã�ª(^E(›“þ.·çÜw�âø�#®Ëb„Ù��׌�ÐàO¨ê2®8TQÂ(ˆ(IjÆ9���>ÿ.�€‘€óW—/þšýñ�O‚�X³´/Ïß¾8;»P霯k,±z¿�<��ªµÑ�u"à)³–¨—È¡n$¤²Ê
±‹¸IË‚�¶Íº.P¼s8ûõô-ò{Óî�»J!j�p�]e8� i�hk“F�°óP3J�-̈£ÞÇ…‘iÊZ‹xÅ�ö€¨$,�œ»Á2Iã%Ü”kˆQØñ2*P?WØ{Ä�Ò¹˜©ažf
«õ,‡Ey�;W¼±�r×Ø’�¸¥/Å;UˆH5ÐØ’9�»xôº"û�àN±ééN‚¥nVãQ/n»ËÇõÛ†&Ë'mÖ �,?<{�*?—v�Ç�XÔQÂ�¹ú\<uóÆna{}�-�Xw‚°b“bÛ�Ýšð¥Ñ‹7Q–k.. Å‚#•�>��½��ÿ¸RôH¦†4Ÿñ©¶m¨îû{ú÷÷ôoó=]¬ygý�DY½©
endstream
endobj
187 0 obj<>>>/MediaBox[0 0 612 792]/Annots[184 0 R]>>
endobj
188 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
189 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
190 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>/A<>/Subtype/Link/Rect[102 726.75 287.4 738.34]>>
endobj
192 0 obj <>stream
xœUÛnÔ0�}÷WÌ# 0‰ãÜx�J�H *V q�ò&Þ!±S;iY¾†Oeìdi
¥‹(Ú‡Œ3gŽÏŒ³§äÑŠD—�V5y²"'ä”D4Jò�Î ƒç˜üLâ�^÷�#¨ / ç�:’fà~]ï±
Ù,Œ'4õ4¼œã6ÄiYPžá�1Ëx™4E´ày”�>K�3|–<
"oD½AbŽdøZ¶�Ÿ�gž€ÿ�‘àβd‘
aZ–~�—�„¢‰pÎw× /õ1—–��º.Q^Uè
óÓ�‹ã_ºâÂ+ÓÜo|pÿ²i�þ‡§Ž¿ŒfD›Ç°Ú 3}"�OÈJXuäÖª‘�6¦mÍù÷Û«Ïþb †z‡pO�G�±�E³t„�9¾—íb�%¸ÜC/-�Ð�åOZ&à$æ¥��‡£�¯áH®•ÐðL»A´-�™jì¤�Ä Œ¾y¸ËˆÓ¼�Üûî®AgEDÓôw4ƒ8»�ršå�ýÐV:“ t
oý�JÃ+k¶V:7�ÝØ�§à¯ßœA�Cæg�U�÷U·-q@pr͈#ïò�4�]9p²òÓ„Êà\•vPÏCvpÞ¨ª�a%h�Ñ[i¡�ÅdèqÊ�0�XK�¬ïÂz�üû�Sž¥Äh��¤t¢Æ¹ ÕŠu+щ�¬ÜHܪ’ж7N:0ºÝQ8Ƥü*º�ëQµ5lGU˽ÞFà�¬¥Ô§�÷Þkpc/-6!kXï@ŒƒéÄ€‹ZöÙuû®;¡ÅV†¥Û¹AvŽÎ;Ýü’^m1¬¡É4§c+OG¿5úª’õˆÖ‚�·žšóÁ¸0µF¶=*v_‚Öµpª:ìᔧ”Mž�u§´rƒ
wìÃíÃ×%e�MâPüFXeF�²WÙ_¨ôfi‘��Úà¹RøŽßœ]x=ìzU‰�Ì�†FB-vÂ{
ŸËacö›Ñþ˜ÕÐø¯�=¬—ØmyåUN(þÉþ‚Î�“€~l%�@oÃ�+Óï|üÎoÿ�›â?ÈüE��¡ÇÊ�bï£óL¾ÍéÍ'ß�îÐa§õƒÿõ•ø�'úš�ò�É©1‡
endstream
endobj
6 0 obj<>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]/Annots[191 0 R]>>
endobj
193 0 obj <>stream
xœÍWmoÛ6�þ®_q��´
V†ozK€¡����gM��È:�ŠD[Ì$*•ä&.öãw”äØNšŒ�: ��‘âÝó<$Gú“÷ËÔ£�Æ�¦™w8õ>xŸ‘á#À&¯nGÁEœÈ ƒûq:ý�Xîæ�ÄDú½ÛÉéѯG“5/qC‚HÞ!ì»9�L�¬w€��é�ôå¥Ä¸�å�sªfªV&µX‰IÚ¼j�ÇO%�ñ€’扙«Ë«%¢ÌëÄ´eò®É“¢*ߪ»–hÓªÚ$�Y1�£Ú݃¬ÔƉË��ÑÀõE_êl�9æd�…n�ø�Á�#muÙMà¹Êà$m…ÀÄ�‹÷��>eÜ
5ð‰ðרå·Aõ9�ò�‘á3ADoÿ��ܨ;¨US-êTa%ê¬YU¿4N|Jíöï`8=|¿÷¢�‘�&Ò~›¾ƒ¯�Ü3]9;9Øúþñ5˜†mE�ýã¤Á0rã�%áýbOÎÜ<‚.Ý['Ä>YʤmsuÛŽOæe¢�÷9–6ñ�K}ú�(ëíæˆÉ˜‹Q‚m�2ÊBJ±±¦j8rrNxŸ€–XÊ2ËŒÛ�–4&|”Ø(ήìcºÂÈv�@��„Å£Hã5eGÚÖK7ÊH��Ž¢Ä|�ݳî�ÞÝèZ¹q†”°`�§�ÖãtãòC†tw¬.�åî$MÒÜQª”„ÉQR?¾Ùh¸‘ FØó�d•&gÛßM#¶“�!Þ–��IÈÇ�RŸŒåc#øx���|Û�÷�¡}8íìì .{©Wëcê�$�¢gKPwºi�Gx±§ò‘ÎÁwÌíyûªË��#�Ãt3œwç¹2@7#ºëEÓ�³”ý�•)–€�Æêœîç¤V0ÓE×�m°{ŸÒ\«ÏÚÌ;kL{‹¢…jÖõ*ÍN“�Án’úo4Ûœ›'$bz�ŽE�™UxÚ�Ð3ÐÕÙZÙµšk{ÎöB�''Ç`o�h>¹8=#�$~¼šýi®–&8�ESÁ•ZM�ÌêªÄëæ�æú3r^�ÁÕ��Íj¬iu³ìã ƒ LL¶7Ð~'¦¬Ï�ï_�æ£Ê
endstream
endobj
194 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
195 0 obj <>stream
xœÍXmOÛH�þî_1'õC{R–}ñk‚ªr'Zq:è•D:©�EÆvb÷ìuj;
~LêÍÚNbC€%âC�wÖ;Ï3ë™å‡ñÇÄ àx�&¡q<1¾�?�J¨p,X��þ—ß
FáÔ¸¸¤��¦�ŽiBfX¶Y÷Òºgº„ª>¾ît›÷±ñ¯!
�꧘�¦C<�¸p�oaš~�4`œšÔQúõ¼ûòznlÌ�[€#lb)�ÓkûiÓ7‰¢V3¶½ö½R¥8H‰¿®²éQ$—p�E‹8V
¢ž��~ïªÞ{ÝŠ�aVÏ”Zm
]¿Í�ÛYK«æu,í[׃|¨Ú³îYíû�Ý[xoG�Vkr{LëÙœ®e×l°šÙ}i3WírÁ›u�ªëg[ïklyõÅý�FPP?ø…ñ�|�Àðd2˜ÌðÓ«���·Ö¢.ÁÍždÆÛŸï&ßÕ1~ZÁö,b:µÂm.£i•ç)¼‡8J��ä‹›©�ÕCr91í� Úö'�€�
b�z ¶GL«�¢§gÙ�?Woc=\�æpX–óô³èý%Ê þA�E4‹ŠH�‘�¼…Ûdš„—z„¦ &ï�>l‡e��Â<ó�ÙpÃaOºPæ
òE•äò��!zÔ�C�ëQ¯b\�>{��B¹ˆ‚d†[ a<þ�j�ò
çB�ãX�ÍüeZMQC˜9ÄܹäA2ìŠeTA"ƒér�úUTÂ,õçKd@F+Ð÷)j�áí¦ììÞ°¡ÜÈZؖLjpwc·®0Ü.§–aYF!Ìò¢v.(óe¡K†�aï$ëø€âCŠ©¿ˆ®§²¼ó—U>
eYFÁ]�&Õ4̓ÿî$ŠBÕ¶ˆ°žqÒ¦ÝuöK�ÛâDìö†ÇÚr�U��TI¦K"<"ÄËÃ…ID°�Qm��p•�#AžÁ•��ª8‘s’�zÇÀb‚ˆ�Øeœ¯�ì=�)%¼qó7“ÉßÀÍXKÏt�›àýæóùɧ“³>¹^<1í:ñ*”‘ž‚Ê^ÍÖàk�Ü›¶�9¦9.Z¬óÎö¥_Å�¬ôP8'œµ(�ƶy4½ºA”yáË*ó?”±ŸæÙ º®H"«¨~JÖ�DFÕÁQ˜%R‹z„·TÝ(Á(·)ׂ�žM˜·Å�Ô‰P0“x GË9–¶ÀÌ¡e�±Üå”i¢º‚0g‹š½�ªC ³_à�B0ÂÚ�½ƒ#�e�˜›P‰ /²�¡{8‹`.aí6ÿv~üqø"'���¬ZùÃ#�
ÏOÝÆŸzãßÞ‚,YÏa�ŒNý�=I‹š{œÐfÃÏÆz�ŽG¨ó¢ðºn™_a¢]Õ®o‘9Ö�©ŠtzŸ˜Û6¡ívŸÿ�‘ÒÖS´�¡z¹æ~S¾H].(Ea4ŽŠÄ×äÄë�m�Ñ
¶,�C©wˆ9w�}®|ÛÝìÚ̶0d¡wë9 gf=þ
¤Uq£G¹7Ÿén(GÇ׋¤Ð+t�¦$owÅö’5êqáÖk�Þi"“l™�œ�~�kšŠyÏÛ]“=×¾½ë�zd˜3½§Ç:úœûã²�ýУGˆ‰Õ{º>{œïCˆ9Ø{úH=NÈv�îsóî_”ÙCk��C�k>Íד��¼
ùi™ÃU¤*ÄD•ø�V†ª–kŠÅ�«‘æÞtuƒ�:æ¬ú*Ó”“ >³Ì—!Ÿ“8)×"¬’4�ÔSé�¯Y°©/~‰ÿP(/Æÿ&)[ä
endstream
endobj
196 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
197 0 obj <>stream
xœµTQo›0�~÷¯¸·nÑâalŒÙÃ�¦mÒ&í¡�Ó¤NSDŠ�hÁ¤@Tu¿¦?ug� ¡é�u«P¢;û¾Ïßï|C>Äă0ò!Nɧ˜œ“�âQ‡�Ü��¾âæ�a�|#?y�¡ ��J�Há¬ÂYBQÏÚ¸=2»ýŒü †0°_½&"¤‘�_�Oõ4Ý�Í�‹BÆ,ÞÅMý!6#+"9H\ujDÔÛ…³�¦¨²(Œ�ÛCŒ…{hyTâOY]²)ê�èJ*�GBÑ‹D³1t²Ý¹�‹h 'j�²gï�Ê¿Å�¤Õƒ£‘äC™‡ÄÇÐ�JŸ&x lR†ƒ;�™ãâáÀí¹èÎ/�?ðUGÖ…OÜ]´½+Û–»Ö�5Ù¸÷ö�Ù©y�Ÿ#Ã�ûaQpÒÞ~Æ�áx1ˆWX-»ÁÀ�rN£�â’¼j3
—Õ&×)\|¥ÎÍ�6Ûe‘7�.mM¡›�lÐïÊhÈ�¨õªÖn³`ÛàZK_ÇWv˜Ý‰>0$¦'z‘[Ä�?êB·ö˜Ä¤ðݤƒ{�4�¦#Ú¥bT° “�ßÁÇ�—AH•tàØ%^–VŪª!Ý“
©º%½°îâ�\²“Ë�Ê
•�F,ï
gu,Úª*à=�
,“tÞf¨˜Võzœúã\ž¤\9®�0= �Dœrù@ɨHð�VåQÞµâl6�p7 g{&£[z�¦jaƒ}§M{"¯�)�ÿ]m (çOÞƉd‚QÎ&©7ï&T0?–ü¿¿�ǧKà%�ßi�f7_O—�Uj7^E³èêî&í21øÈØw#…ÜಹښË6¯�Üæmæ^š�ßR¤p�O÷N��ÈaÞ��•)î M®uÓOú"O!©×Û�Ëû��÷ÚÕ�—0üZÛèÊj.·E›o
CN�Üìe7I©Áà_'õ�q‚SÕµ~“U·.¥Åò.?^-�‘æͦHîÜic�/ø8=§Ï,æœü�M¤fæ
endstream
endobj
7 0 obj<>>>/MediaBox[0 0 612 792]>>
endobj
198 0 obj <>stream
xœc`À���þ�Á��(wÂ(X�æ.ø���@Šÿ#� –
Èü
��ÿQ�é|tóÐíC8�â�$ Øýƒ��%†Ÿ
endstream
endobj
199 0 obj <>stream
xœ–wTT×�‡Ï½wz¡Í0�)Cï½
½7©ÒDa˜�`(��34±!¢��ED��A‚"�Œ†"±"Š…€`Á� Ä`�QQy3²Vtåå½——ß�g}kŸ½÷=gï}Öº�¼ý¹¼tX
€4ž€�âåJŒŠ¦cû��ð��Ì�`²23�B=ÀH>�nôL‘�ø"�€7wÄ+�7¼ƒètðÿIš•Á�ˆÒ�‰Ø‚ÍÉd‰¸PÄ©Ù‚�±}FÄÔø�1Ã(1óE��±¼˜��Ùð³Ï";‹™Æc‹X|æ�v�[Ì="Þš%äˆ�ñ�qQ�—“-â["ÖL�¦qEüV�›Æaf�€"‰í��+IĦ"&ñÃBÜD¼���)ñ+ŽÿŠ�œ�øRné�¹|nb’€®ËÒ£›ÙÚ2èÞœìTŽ@`�Äd¥0ùlº[zZ�“—�Àâ?KF\[º¨ÈÖf¶ÖÖFæÆf_�ê¿nþM‰{»H¯‚?÷�¢õ}±ý•_z=�ŒYQmv|±Åï� c3�ò÷¿Ø4�� )ê[ûÀW÷¡‰ç%I È°31ÉÎÎ6ærXÆâ‚þ¡ÿéð7ôÕ÷ŒÅéþ(�Ý“À�¦
è⺱ÒSÓ…|zf�“Å¡�ýyˆÿqà_ŸÃ0„“Àásx¢ˆpÑ”qy‰¢vóØ\�7GçòþS�ÿaØŸ´8×"Q�>�j¬1� �ä×>€¢���s@´�ýÑ7|8�¿¼�ՉŹÿ,èß³Âeâ%“›ø9Î-$ŒÎ�ò³�÷ÄÏ� ��H�*P�*@�è�#`�l€=p��À��‚0��V��H�i€�²A>Ø�Š@ Ø�vƒjP��@�h�'@�8
.€Ëà:¸�nƒ�`�Œƒç`�¼�ó��a!2D� UH�2€Ì!�ä�y@þP���ÅA‰���BùÐ&¨�*‡ª¡:¨ ú�:�]€®BƒÐ=h�š‚~‡ÞÃ�L‚©°2¬
›À�Ø�öƒÃà•p"¼�΃�áíp�\��ƒÛá�ðuø6<�?‡g�€���¢†�!�Ä
D¢‘�„¬CŠ‘J¤�iAº^ä&2‚L#ïP���EG�¡ìQÞ¨å(�j5j�ª�U:‚jGõ n¢FQ3¨Oh2Z m€¶Cû #щèlt�º�݈nC_BßF£ß`0��F�cƒñÆDa’1k0¥˜ý˜VÌyÌ f�3‹Åb�°�X�l –‰�`‹°{±Ç°ç°CØqì[��§Š3Çyâ¢q<\�®�w�w�7„›ÀÍã¥ðZx;| žÏÅ—á�ð]ø�ü8~ž MÐ!8�Â�É„„*B�á�á!á�‘HT'Ú�ƒ‰\â�b�ñ8ñ
q”øŽ$CÒ'¹‘bHBÒvÒaÒyÒ=Ò+2™¬Mv&G“�äíä&òEòcò[ Š„±„�[b½DD»ÄÄ�I¼¤–¤‹ä*É<ÉJÉ“’�’ÓRx)m)7)¦Ô:©�©SRÃR³Ò�i3é@é4éRé£ÒW¥'e°2Ú2�2l™B™C2�eÆ(�EƒâFaQ6Q�(—(ãT�U‡êCM¦–P¿£öSgded-eÃesdkdÏÈŽÐ�š6͇–J+£ Ý¡½—S–s‘ãÈm“k‘�’›“_"ï,Ï‘/–o•¿-ÿ^®à¡¢°S¡Cá‘"JQ_1X1[ñ€â%Åé%Ô%öKXKŠ—œXr_ VÒW
QZ£tH©OiVYEÙK9Cy¯òEåi�šŠ³J²J…ÊY•)UŠª£*WµBõœê3º,Ý…žJ¯¢÷ÐgÔ”Ô¼Õ„jujýjóê:êËÕ�Ô[Õ�i�4�� ���Ý�3šªš�šùšÍš÷µðZ�$=Z½ZsÚ:Ú�Ú[´;´'uäu|tòtšu�ê’utWëÖëÞÒÃè1ôRôöëÝЇõô“ôkô��`�k�®Á~ƒAC´¡!Ï°Þp؈däb”eÔl4jL3ö7.0î0~a¢i�m²Ó¤×ä“©•iªiƒé�3�3_³�³.³ßÍõÍYæ5æ·,È�ž�ë-:-^Z�Xr,�XÞµ¢X�Xm±ê¶úhmcÍ·n±ž²Ñ´‰³Ùg3Ì 2‚�¥Œ+¶h[WÛõ¶§mßÙYÛ ìNØýfodŸbÔ~r©ÎRÎÒ†¥c�ê�L‡:‡�GºcœãAÇ�'5'¦S½Ó�g
g¶s£ó„‹žK²Ë1—�®¦®|×6×97;·µnçÝ�w/÷b÷~��å�Õ�=Õ=�=›=g¼¬¼Öx÷F{ûyïô�öQöaù4ùÌøÚø®õíñ#ù…úUû=ñ×÷çûw�À�¾�»��.ÓZÆ[Ö���}�w�>
Ò Z�ôc0&8(¸&øiˆYH~Ho(%46ôhè›0×°²°�Ëu—�—w‡K†Ç„7…ÏE¸G”GŒDšD®¼�¥�ÅêŒÆF‡G7FÏ®ðX±{ÅxŒULQÌ•:+sV^]¥¸*uÕ™XÉXfìÉ8t\DÜѸ�Ì@f=s6Þ'~_ü�˵‡õœíÌ®`Oq�8圉�‡„ò„ÉD‡Ä]‰SINI•IÓ\7n5÷e²wrmò\J`Êá”…ÔˆÔÖ4\Z\Ú)ž�/…ד®’ž“>˜aQ”1²ÚnõîÕ3|?~c&”¹2³S@�ýLõ u…›…£YŽY5Yo³Ã³OæHçðrúrõs·åNäyæ}»�µ†µ¦;_-cþèZ—µuë uñëº×k¬/\?¾ÁkÑ„)�*0-(/x½)bSW¡rá†Â±Í^››‹$ŠøEÃ[ì·ÔnEmåníßf±mï¶OÅìâk%¦%•%�JY¥×¾1û¦ê›…í ÛûˬË�ìÀìàí¸³Óiç‘réò¼ò±]�»Ú+è�Å�¯wÇî¾ZiYY»‡°G¸g¤Ê¿ªs¯æÞ�{?T'Uß®qiݧ´oÛ¾¹ýìýC�œ�´Ô*×–Ô¾?È=x·Î«®½^»¾ò�æPÖ¡§
á
½ß2¾mjTl,iüx˜wxäHÈ‘ž&›¦¦£JGËšáfaóÔ±˜c7¾sÿ®³Å¨¥®•ÖZr����ö}Ü÷wNøè>É8ÙòƒÖ�ûÚ(mÅíP{nûLGRÇHgTçà)ßSÝ]ö]m?�ÿxø´Úéš3²gÊÎ�Î�ž]8—wnö|Æùé�‰�ƺc»�\Œ¼x«'¸§ÿ’ߥ+—=/_ìué=wÅáÊé«vWO]c\ë¸n}½½Ïª¯í'«ŸÚúûÛ�l�:oØÞè�\:xvÈièÂM÷›—oùܺ~{ÙíÁ;ËïÜ�Ž��¹Ë¾;y/õÞËûY÷ç�lxˆ~XüHêQåc¥Çõ?ëýÜ:b=rfÔ}´ïIè“�c¬±ç¿dþòa¼ð)ùiå„êDÓ¤ùäé)Ï©�ÏV<�žñ|~ºèWé_÷½Ð}ñÃoοõÍDÎŒ¿ä¿\ø½ô•Â«Ã¯-_wÏ�Í>~“öf~®øÂÛ#ï�ïzßG¼Ÿ˜Ïþ€ýPõQïc×'¿O��Ò��þ��˜óü
endstream
endobj
200 0 obj <>stream
xœ’]��A�†ß_‹|¦Hq!)¹”Rþ�ò™"Å…¤äBRJ÷Ø1sÖW›é¹8óœw¶ÝÙãyÿ/Dz�ù�NŽQ; sC×�XpKùvDÂé)Z�´¯(¬Ì“YpKÉ–:"Ä��šgáÙ�ï�¶�о´AýhÐÞJ�´¯ìPÝ�23ó>,¬d@çË[‡¾œ wùâÚ�Æç�È/
Ú[É€ö© ²sƒöV2 }´/—죽•�¼ü�šøPÐßë›`80>stream
xœåWínÛ6�ý¯§¸�ö£-�†¤¨/{(š¡ÙaM×ÄC~ `-Ùb!Q©$×q±‡é£î’’�)NRÅ-Š�“aˆ�yϹä=¼$?:¿Î�
AÄa�;‡3ç¥óÑ¡„º�k‡Ã�ØøÁa�ž;oÞQˆ��B �äŽç�[ÊlI„„š26÷ŠM{ê¼r´ÃÀüÊ¥#��ùÀ=F;˜¦Ü�í1�Qæ�{Ûïz½ë›:�Çw!p}â���µåÌ–Y�Ú2vé�»�Ƙ��”øø�W·b…„{XõHЀ˜÷e��õM¯57U�D�càŒ5lÁÛöüŽîý!µ¦QÏß¡CØ�Œ�^~Ý~ËkS0ˆnÀ,�÷;lj{7õ¬«³0lÀšîת—½MœŒ /EדW_uWZl¼±3ÇÚPšR; .#"hg¶_¶=�S”ƒ�¨•E$�Çw$<Ö*d�Л”¶�`t˜�5B�½J§°ÆdÐÔT\N¢ëôD‚«öüŽÞƒQ\ª«ó±ïÙ�ò&ÃÝ‚õÝÕøƒ5ó��5�óC…aJßÿ
]Ä<Î`¶ÀÅi��`�0V4$8°Yî<ø\èä¬.Š�ž@VÅI–ÔI�ïe¼W§J/É£‡³�fW¸�Ñ<3/�ñÊ´(—�¶�F™@öæ‘ZÖiQ§ãXBN„¿åw•�ë3ûáýFÅ-þ8@Tµð,àϳٟÀÅHG<Ÿ`$Ý‹“£ßŽa8ìq(.æ�fQ¦ã�X@�Ö)¼ÆñNÚIÜ…›
âF-ÖI²HÊDÏ
à½�âEŒ¸a‹2O¥^š� ʲ”ºÎåÓ*•Y‘ï%�5QºNJ-3Ò1�Ôû�q®ô8.|¹~ËõY©xÒé‰û”Ãð=âzW�óZåv�gé
�VKàh*&ž˜Ð�8e#Q=N\q…šw¨¯p%YT“N&ŒNð�3�Õˆë^¡ž�TÜXÝûhN„�áÍÊžþ��çÉ�”IU¬Êy‚…yQÆ�,Šr�
Š@�ÞFô§“Ãß&÷ÒžðíIÁX?½!˘�—¥}N_��¾¿}�ºb�!�˜>—�*t�·ÉÍMÄOÇY`¢æM4oqöÖ'—u&k»¤<²Ì¥ÊȼÈGÎ1ç„·ñ>ù��c=ÎâF³“¿F‹4ä.¥X™ž&¥’ã(ÝÈ'¬ÉI�|ò<Žõ¸Üà†.aÁNÞúÖÍö™b&Du� �PÂüïBZ—›q”^@˜·#¥�/Y§‡�çªLÆq
A˜øæaŽãÂã�ksÞs¥U¾Ê÷çržŽt•…„±\}û°W�GF=r7W—~ŽO‡ßuå�sÏ(>�qB£� ù.„xÔ¤w/ªÛ Ù.„x3¤bëx·ÒÍ©Ô�ñîsºã< ”ßp̽÷ñ–3a¿o�oÇY·¦}'ZÃ�|Mù�æ>k\ã�âuÝóažÃ¾Ê—¸lž�ðòÚ
‚m�‰Qj.€˜ˆ¢&�=k¯�ft�¬U–A*?%€{–*áõQ�ç²Äö¸Xk¨�X§²†µ¬L�8_½ÏT•bóë#�Ü!¢�Ë
Æhczô'øvo0EEp>Éùj•ŸIô�÷È\êø12ªy
ª‚y‰>ÆƉr¥‘Ee�ò
�Î�ÇY'QÔ÷�q�ºÜ^Œ�cU£n@Ú³ûW�†¦¡ß©÷ïÊN'$ˆÐ¬‚_â�wr½§ež<ùòÆ|ÛSºª%�âßu#'ðåh�›b���XU†ÜÀÄÉB®²�>©|O���¶(�ƒªmø¾îYàv«!.‹sË€§û�GVmt-/ UË4ÿÑEÒ�»JªJ��j þŸ·~cóÒù�¨§¾
endstream
endobj
8 0 obj<>/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]/Font<>>>/MediaBox[0 0 612 792]>>
endobj
202 0 obj <>stream
xœ[isÛÈ�ýÎ_1NìÈÞ²!�ĥʱöÆÙ8UNew•ì‡8[�‘C��� �Åõ¿ñOMÏ==�ŠHÊe‹=œ~Ýý^Ï��ùaõîz�’¼ŒÉõvõþzõÃêa��a’§ä¸ŠÉßàËÏ«($�WÿþOH¶«uAòõš´«4[óO
ÿ´.‚}†¯âûýêçU·Š�û3Ü®ÖyPf$N‹0”0â³�z�EE�•ÌŸÏsm5w¿ÚAžå�¾&îO�¤ iX��Ë4 3e4ÜX�yæ*[óYObà–—ÈR+ê•n��E���Y–åÄý)hÈ�˜]�q$’�’BÙ±‹`‰êùti�ø7Ž�ÃH-ÌFÙ,½Ø@*Ó†`ce
�"Œ4�Ë<�à”�âÛU�S9`4�?EþÀ-�ж¬[Ï·yÀN�$AÊÄ�älX��±‡R/ˆ[Î)m
©éœ�¤CëÈ4ÇðÓš-)&f›¯µ£iÛ�‰aÛK3Ý�Òl´ù�„SŠi�Ña�òp��¡
�«4WÁK¨+Õ��$A‘å|œ‰�”lh
%�.¥^�·œ�ÚZ¤¦sN�#Ó�ÃOk¶¨˜,�Rk_Ó6�Éò 1íÁ-�õI�§�Õ�ª¿
äá�Útj�¬Ñ\�/®°º�4H‚"«ù(�=(¸Ðü 2\:½�n1§t5”¦sFl�Z¬Ð�ÁOi¶ u�ÄÖ~¦m�±ÎØã�Ý�ÂÔQŸ„Àe¨NU ù��¢Rú#qæì{‰t�ÕM ��UÍFYèAɃ&O�á’é�qJ9¡¨!3³øo�yæ�~B³E¥Äë ´÷1e#��ÌsÓ�Âl,ó4„SŠj�ÕY�òp��
�k4×ÀK¨+¬î�
’ Èj>ÊÄ�älX�湇R/ˆ[Î)m
©éœ�¤CëÈ4ÇðÓš-*&ŒƒÜÞË”@Â$HÍÓ
iê¸OB8¥˜†��V ����ª�°Js�¼„ºÒZý A��YÍG™èAɆ¦PÒáRê�qË9¥!5s‚th�™æ�~Z³%ÅD¹Õ´Â°Ýa$Èͳ
i6Æô:;é«&P]U˜é6�¢OùbMæœ{és…ÔêkÄ„•“�̈¨ÝP%ŠGÔÍÝÝ�N¨§ÈK���Ó#„ãí¡/[”:Û\mí”@`°4Ï0¤ÙXæi�§�-¹ìž�y8€6‰��kâÐ>'Ñ•Ð(®Ü��SÍG9Xƒ¥u˯‰pÉô‚¸…œÒÓЙÎÙ@
´Ž@s�?¡Ù¢b¢,X[û”¶�H”�±y~!M�÷I�§�Ó
¥y~¡=�@D¨BÀ*ÍUð�êJkõCi=¿Ð‘Õ|”‰�”lh
%�.¥^�·œSÚ�RÓ9'H‡Ö‘iŽá§5[RL™¢�8Ê´!`¬4�/„Õ�뤻S„j�Õ[…í€Ñ�‘Ê�«3gßK¤+©î�
’Øåt”‡�+û|EƒC£�À-ä„š†ÊtÆ…M}‹u™ù{©ÌΗ�÷nkk�S¦
±7Pª�2ûEÝSÎ8y{ižP¨é�Ë&Oy#1ftû¨sä3‚—Ö“ �RNF�¨1Q»"�½š{ÊÝ)À¯¡/1 ^7²yÖë5ö¯ykÊçè·¦ÒÂoM•jàÌ¢)ÐûNe¢¤´_˜
KïÖ-û»9��í¦Ë-½©«.€�Âþî«‘ÜPÚ‘‘NäpOvýpõêú3ûU��ŒeâF
‹ [óHÌ©ë7}{_MõMCÉoÈ?GJþ�À[º«�Í4’º�'ZmI¿;ƒ›�ü7K�n�†/ =¢ë¦ž¾œsÏJv»®Òº©6wã}µ¡¨»-�þšöÍëqª† ’lû’ûþH‡Ý¡9‡».ÙU�ÃU˜uw{Î)Ž‚R8}µ§úµKa/Èc>û¸¯7{ÒÒª�ɇn¤nÛo)h´¯�éHšúŽ’
H�Úª!t[Oý�·ÃÐ�É�ý2’m�_NdWwõ¸gäkˆ‘ŽcÝw�y§¨YY�7a�Ï¬ê¶ jC'ª~T›¡�YJ�%´ÛŽäXO{H®éoë
d7RˆN Á¦žlën&�_1)Éq�-Ww(?:m�òéåÏ{z|F@©n[
Û�)‚î©h|è˜7_Ÿ}ûÛç/¾}þâwÏ_üò
ûü�yC6UwÁIÙ’3ˆqž�¥
ú�²�èØ7ôœo’�ìرë�ÜÏ��‹½ÄnÓP}�¾úá˧W¶wìI8ÉY«YÞ m×ÑáŒ_�§NT!�htγ(ÙÑey�ûán\ �\�' ÷x;A£´uwh�-ùÒ�@ðºi�krÖ.w�ôsuÓ�&rud�#|ñš°�¼z`öីɾ�ÈÅûŸ¾» õHªfìÉa¤°®Ù4Ð}C›�™%qˆ>�û–N{Xâ¤Þñ̘qÇ?ñìî¡�F
õ¼ãÐw·"9�I…Ìì¾f»�ûâ±��°*`OkÙTö]° 38h�eÿ`Y¼‹Ã�[;�Ç82ò��,þiOIS�Ùì«î�8㋲…¸¾‡
šÏM�Zz�»¢œEöõÈšMå�Ñáâ&�ÖúÐñ´A*�ÒrÍž°�Ù¶Ïö sí�EŽãÛÕuø°;�7O‚Xt�h¿0¤ñ�Aä©È5� ¹vÖ¶�?× 9ã�f,-,�Õ�l¨.:V,L/ºõu¿ƒ]°š�}¤�Ÿ�‡5Ûº��kœXôÅx�GÝžŸ� =?ç G?½Ä}òéU@x�-�’¬Ù~Æ‚è�šê�Ž!�…oŒÕ¨â�#mv¤¿§CÅä$‹ù‚³2¶Dièö5c¥�ÎûÃížô0*ÖvÃëì(å+mÛ/���,QÉ#”é�F<[$¬€\ƒ¬d„8Í�Ö�\ªÔ›»�XÊ_€¶`�|�§w”sø�ß|ÿñÝû�Éõ_?üô�è‡�i¬v�N¼á�äÁvw�jGÏð®îYù¢É“|�„™ØœÏ=2�ãñ}ÏH²w¢Ýз²�–…gû5Ǻ:.�¯=> Æ{Í÷i8€›s��22ܧb
]Ñg�c�Ÿ-ª‰7ŒØàFØøà€�;#KeQ�1»�Ê^=,KÂraGÔ²0L³H†YX¬å�»Ó���?�åfÃw�Q¹uP-K&ÙSL!úÒ¢–™�‡<§Çs+�'Q°�«ôò÷�½¥¿Þÿqaxã9Òj€ëg ä��ç.Id`�Å�ô§ÿ1°ñ”Ùî¾>>>/MediaBox[0 0 612 792]>>
endobj
204 0 obj <>stream
xœÕZmÛÆ�þ®_±��Ø)Î{|¹+Œ\€$HÑ8‰}mÖµ!K”N1)*$eYA|f¹¯³\Þí5ɇêŒ;Îjç™™ç™]®Dÿ¼øòv�¼ŒÈízñÕíâÇÅÏ‹€�qž’Ó""…7Z„�ùnñïÿ�d½H
’' i�i–ŒWõx•�4`×ð¶qÉß¿[üs±_„„ýtÛE’Ó2#Q–Ào�ï9Ðó0̳(fþã<Û–sï��ȳȲ,'ö_�$‹Y|���%�2v!ìZÛ1›V«éÂ�ð?[>�#50ke‡ „50¥@B˜��ˆ�ÄM�÷^�«� ׬D˜ÒÃ��9¤��hF�Ê�Õ«ù&�؉Ĉ
iËÈr>ÊD
6�…‚�›R'ˆ]Îœ¶šÔtÊ Ò¡±dšb¸iÍ|ŠÉJ FCJÓ„ÈJH=UÝ!ÌZ™ó�V�²�dw�¦�FCTJ¬Ï”'•¶¨ª��Hl��ÓQ�jLð ¨�DXTº ìRf�Õd¦�6�û%Î�ÁIgæUFZÒ86�¥@2Ø…�Ý�ÜTaï…°
‘m »ª@�� I¦BÀúL�p‘iKªº@AÄ(®œòƒ’��H’a�ê�±‹™ÓUSšN�A*4–HS�7©™W1QJ�3/i#��4šc´jÚ�°
�Í º«@�� ¢S"`¦�8é´…•Ý Ab�YÎG™�ƒ&Ÿ‚�›N'„]Ìœ®šÒtʈ)Bƒ�š"¸)Í�.$-3�•�QÙ&DZæìð%�C˜µ2ïƒÀeèNÐ}¡æ[pˆJáÄ™²ï$Ò�Ôh�£'TT1�g¡���Š