From 38b43ac575962b045a6a66c17a2e28a47a93fa9a Mon Sep 17 00:00:00 2001 
From: Adam Saleh Date: Tue, 16 Mar 2021 14:30:43 +0100 Subject: [PATCH] Added zabbix playbook --- playbooks/groups/bodhi-backend.yml | 5 ++ roles/zabbix/zabbix-agent/defaults/main.yml | 8 ++ .../scripts/zabbix-check-eth-settings.sh | 18 ++++ .../files/scripts/zabbix-check-iptables.sh | 11 +++ .../files/scripts/zabbix-check-ro.sh | 7 ++ .../files/scripts/zabbix-hw-raid-check.sh | 77 ++++++++++++++++++ .../files/scripts/zabbix-mdstat-check.sh | 16 ++++ .../files/selinux/8/centos-zabbix-agent.pp | Bin 0 -> 83331 bytes .../files/selinux/8/centos-zabbix-agent.te | 20 +++++ roles/zabbix/zabbix-agent/handlers/main.yml | 6 ++ roles/zabbix/zabbix-agent/meta/main.yml | 0 roles/zabbix/zabbix-agent/tasks/main.yml | 72 ++++++++++++++++ roles/zabbix/zabbix-agent/tasks/tools.yml | 25 ++++++ .../templates/interface-alias.conf.j2 | 2 + .../scripts/zabbix-conntrack-check.sh.j2 | 4 + .../templates/zabbix_agentd.conf.j2 | 19 +++++ roles/zabbix/zabbix-agent/vars/CentOS-8.yml | 8 ++ roles/zabbix/zabbix-agent/vars/Fedora.yml | 8 ++ roles/zabbix/zabbix-agent/vars/RedHat-8.yml | 1 + roles/zabbix/zabbix-agent/vars/common.yml | 8 ++ 20 files changed, 315 insertions(+) create mode 100644 roles/zabbix/zabbix-agent/defaults/main.yml create mode 100644 roles/zabbix/zabbix-agent/files/scripts/zabbix-check-eth-settings.sh create mode 100644 roles/zabbix/zabbix-agent/files/scripts/zabbix-check-iptables.sh create mode 100644 roles/zabbix/zabbix-agent/files/scripts/zabbix-check-ro.sh create mode 100644 roles/zabbix/zabbix-agent/files/scripts/zabbix-hw-raid-check.sh create mode 100644 roles/zabbix/zabbix-agent/files/scripts/zabbix-mdstat-check.sh create mode 100644 roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.pp create mode 100644 roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.te create mode 100644 roles/zabbix/zabbix-agent/handlers/main.yml create mode 100644 roles/zabbix/zabbix-agent/meta/main.yml create mode 100644 roles/zabbix/zabbix-agent/tasks/main.yml create mode 
100644 roles/zabbix/zabbix-agent/tasks/tools.yml create mode 100644 roles/zabbix/zabbix-agent/templates/interface-alias.conf.j2 create mode 100644 roles/zabbix/zabbix-agent/templates/scripts/zabbix-conntrack-check.sh.j2 create mode 100644 roles/zabbix/zabbix-agent/templates/zabbix_agentd.conf.j2 create mode 100644 roles/zabbix/zabbix-agent/vars/CentOS-8.yml create mode 100644 roles/zabbix/zabbix-agent/vars/Fedora.yml create mode 120000 roles/zabbix/zabbix-agent/vars/RedHat-8.yml create mode 100644 roles/zabbix/zabbix-agent/vars/common.yml diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml index 9c838ec7fc..72a23b50e9 100644 --- a/playbooks/groups/bodhi-backend.yml +++ b/playbooks/groups/bodhi-backend.yml @@ -111,6 +111,11 @@ warning: 10 critical: 100 + - role: zabbix/zabbix-agent + zabbix_server: apache + zabbix_server_ip: apache + when: env == "staging" + tasks: - name: create secondary volume dir for stg bodhi file: dest=/mnt/koji/vol state=directory owner=apache group=apache mode=0755 diff --git a/roles/zabbix/zabbix-agent/defaults/main.yml b/roles/zabbix/zabbix-agent/defaults/main.yml new file mode 100644 index 0000000000..f068412946 --- /dev/null +++ b/roles/zabbix/zabbix-agent/defaults/main.yml @@ -0,0 +1,8 @@ +# Defaults variables for role zabbix-agent +zabbix_server: zabbix01.stg.iad2.fedoraproject.org + +# TLS/PSK settings to encrypt between agent and proxy/server +zabbix_agent_tls: False +zabbix_agent_tls_psk: # gen with `openssl rand -hex 32` and also known by zabbix server +zabbix_agent_tls_psk_identity: # Whatever makes sense to you and known by zabbix server + diff --git a/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-eth-settings.sh b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-eth-settings.sh new file mode 100644 index 0000000000..ea7c5529f9 --- /dev/null +++ b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-eth-settings.sh 
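Review bot: `zabbix_server: apache` and `zabbix_server_ip: apache` in the added role entry look like placeholders, possibly carried over from the `owner=apache` lines nearby. The role's `zabbix_agentd.conf.j2` renders `zabbix_server` into `Server=` and `ServerActive=`, so on staging the agent would accept checks from, and report to, whatever the name `apache` resolves to. `zabbix_server_ip` is not read by any file in this patch. Either remove both overrides so the value from `defaults/main.yml` applies, or set the real server name; the roles list this entry joins starts outside the hunk.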
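Review bot: `zabbix_agent_tls_psk` is declared here but nothing in the patch writes it to disk: the template points `TLSPSKFile` at `/etc/zabbix/zabbix_agent.psk`, and no task in `tasks/main.yml` creates that file. Setting `zabbix_agent_tls: True` would therefore configure the agent for a key file that does not exist, while the default `False` leaves agent traffic unencrypted with `Server=` as the only restriction. Add a task, conditional on `zabbix_agent_tls`, that writes the PSK with `owner: zabbix`, `mode: "0400"` and `no_log: true`, and take the key from the private vars store rather than from role defaults. The two empty keys are YAML null, so a check that both are set whenever TLS is enabled would catch a blank identity before it reaches the config.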
@@ -0,0 +1,18 @@
+#!/bin/bash
+export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
+uname -a|grep -q xen >/dev/null
+if [ "$?" -eq "0" ] ;then
+ eth_dev=p$(ip route|grep default|awk '{print $5}')
+else
+ eth_dev=$(ip route|grep default|awk '{print $5}')
+fi
+
+lsmod |grep -q -E 'virtio_net|xen_net'
+if [ "$?" -eq "1" ] ;then
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k eth_dev.speed -o $(ethtool $eth_dev|grep Speed|awk '{print $2}'|tr -d [:alpha:]|tr -d '/') >/dev/null
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k eth_dev.duplex -o $(ethtool $eth_dev|grep Duplex|awk '{print $2}') >/dev/null
+fi
+
+
+
+
diff --git a/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-iptables.sh b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-iptables.sh
new file mode 100644
index 0000000000..e709fb4a5d
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-iptables.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# called by Zabbix to see if iptables is running
+PATH=$PATH:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
+
+if [ $( iptables -n -L INPUT|wc -l ) -gt 6 ] ; then
+ iptablesstatus="0"
+else
+ iptablesstatus="1"
+fi
+
+zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k net.iptables.status -o $iptablesstatus >/dev/null
diff --git a/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-ro.sh b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-ro.sh
new file mode 100644
index 0000000000..6951e9ec7d
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/files/scripts/zabbix-check-ro.sh
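Review bot: Both `zabbix_sender` calls in zabbix-check-eth-settings.sh pass unquoted command substitutions to `-o`, so when `ethtool` prints no usable `Speed`/`Duplex` line, or `ip route` yields no or several default routes, `-o` gets no value or extra words. Capture the value first and send only when it is non-empty, e.g. `speed=$(ethtool "$eth_dev" | awk '/Speed:/ {print $2}' | tr -cd '0-9')` then `[ -n "$speed" ] && zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k eth_dev.speed -o "$speed" >/dev/null`. The bare `[:alpha:]` passed to `tr` should be quoted so the shell cannot glob it against files in the working directory. Since tools.yml runs this script from root's crontab, the `/root/bin` and `/usr/local/*` entries appended to `PATH` are worth dropping unless a required tool really lives there.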
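Review bot: The test in zabbix-check-iptables.sh only counts output lines of `iptables -n -L INPUT` and reports healthy above 6, which says nothing about what the rules enforce: a chain that accepts everything but has five rules still sends 0, and ip6tables is never inspected. The threshold is also undocumented; a comment such as `# 2 header lines + at least 5 rules => ruleset considered loaded` would explain it. If the item is meant to show that filtering is active, compare against something your baseline guarantees (the chain policy, or the final REJECT/DROP rule, from `iptables -S INPUT`) and quote the substitution: `if [ "$(iptables -n -L INPUT | wc -l)" -gt 6 ]; then`.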
@@ -0,0 +1,7 @@
+#!/bin/bash
+logfile="/var/log/centos-ro-devices"
+
+ro_mounted_devices=$(awk '$4 ~ "^ro[,$]" && $3 !~ "(squashfs|iso9660|tmpfs|nfs)" {print $0}' /proc/mounts | wc -l)
+zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k devices.ro -o $ro_mounted_devices >/dev/null
+echo "=== $(date) === Read-Only devices on this system $(hostname)" >> $logfile
+awk '$4 ~ "^ro[,$]" && $3 !~ "(squashfs|iso9660|tmpfs|nfs)" {print $0} ' /proc/mounts >> $logfile
diff --git a/roles/zabbix/zabbix-agent/files/scripts/zabbix-hw-raid-check.sh b/roles/zabbix/zabbix-agent/files/scripts/zabbix-hw-raid-check.sh
new file mode 100644
index 0000000000..b187fb8256
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/files/scripts/zabbix-hw-raid-check.sh
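Review bot: In both awk filters the pattern `"^ro[,$]"` places `$` inside a bracket expression, where it is a literal dollar sign and not end-of-string, so a mount whose option field is exactly `ro` is not counted. Use `$4 ~ /^ro(,|$)/` in both the counting line and the logging line. The filesystem exclusion `$3 !~ "(squashfs|iso9660|tmpfs|nfs)"` is an unanchored substring match, so any type containing one of those words is skipped as well; `^(squashfs|iso9660|tmpfs|nfs4?)$` states the intent more exactly. `$logfile` is appended to on every run with no rotation visible in this patch, and should be quoted as `"$logfile"`.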
@@ -0,0 +1,77 @@
+#!/bin/bash
+PATH=$PATH:/usr/local/bin:/sbin:/usr/sbin/
+
+function init_log() {
+logfile=/var/log/centos-hw-raid.log
+echo "=========================================================" > $logfile
+echo " CentOS Hardware Raid check - $(date +%Y%m%d-%H%M)" >> $logfile
+echo "=========================================================" >> $logfile
+}
+
+function 3w_xxxx_check() {
+echo "3ware controller found .. launching raid check" >> $logfile
+for controller in $(tw_cli show |grep ^c|awk '{print $1}') ;
+do
+ for disk in $(tw_cli /${controller} show |grep ^p|awk '{print $1}') ;
+ do
+ tw_cli /${controller} show |grep ^${disk}|egrep -q 'OK|NOT-PRESENT'
+ if [ "$?" -ne "0" ] ;then
+ tw_cli /${controller} show >> $logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.3ware -o 1 >/dev/null
+ exit 1
+ else
+ echo "3ware controller ${controller} / array ${array} status : OK" >> $logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.3ware -o 0 >/dev/null
+ fi
+ done
+done
+}
+
+function 3w_9xxx_check() {
+ 3w_xxxx_check
+}
+
+function arcmsr_check() {
+echo "ARECA controller found .. launching raid check" >> $logfile
+for array in $(areca-cli rsf info|egrep -v 'Name|=|GuiErr'|awk '{print $1}') ;
+do
+ areca-cli rsf info raid=${array}|grep -q Normal
+ if [ "$?" -ne "0" ] ;then
+ areca-cli rsf info raid=${array} >> $logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.arcmsr -o 1 >/dev/null
+ exit 1
+ else
+ echo "Areca array ${array} status : OK" >> $logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.arcmsr -o 0 >/dev/null
+ fi
+done
+}
+
+function megaraid_sas_check() {
+echo "Megaraid_sas controller found .. launching raid check" >> $logfile
+for LDid in $(/opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -Lall -aALL|grep "Virtual Drive:"|awk '{print $3}') ;
+do
+ /opt/MegaRAID/MegaCli/MegaCli64 -LDInfo -L${LDid} -aALL|grep -q Optimal
+ if [ "$?" -ne "0" ] ;then
+ /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -aALL >>$logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.megaraid -o 1 >/dev/null
+ exit 1
+ else
+ echo "Megaraid_sas array ${array} status : OK" >> $logfile
+ /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -aALL >>$logfile
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k hwraid.megaraid -o 0 >/dev/null
+ fi
+done
+}
+
+init_log
+
+# Ensuring sg kmod is loaded, as needed by those tools ...
+lsmod|grep -q sg || modprobe sg
+
+for kmod in 3w_9xxx 3w_xxxx arcmsr megaraid_sas; do
+ /sbin/lsmod |grep -q ${kmod}
+ if [ "$?" = "0" ];then
+ ${kmod}_check
+ fi
+done
diff --git a/roles/zabbix/zabbix-agent/files/scripts/zabbix-mdstat-check.sh b/roles/zabbix/zabbix-agent/files/scripts/zabbix-mdstat-check.sh
new file mode 100644
index 0000000000..0134ca83bc
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/files/scripts/zabbix-mdstat-check.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+grep md /proc/mdstat >/dev/null 2>&1
+if [ $? = "0" ] ;then
+ for mddev in $( grep md /proc/mdstat |awk '{print $1}') ;
+ do
+ md_count=$(/sbin/mdadm --detail /dev/${mddev}|grep Failed|cut -f 2 -d ":"|tr -d [:blank:])
+ if [ $md_count > "0" ] ;then
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k mdstat.failed -o $md_count >/dev/null
+ exit
+ else
+ zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k mdstat.failed -o 0 >/dev/null
+ fi
+ done
+fi
+
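Review bot: The OK log lines in `3w_xxxx_check` and `megaraid_sas_check` print `${array}`, which is never assigned in those functions (their loop variables are `controller`/`disk` and `LDid`), so the log records an empty name. Change them to `echo "3ware controller ${controller} / disk ${disk} status : OK" >> "$logfile"` and `echo "Megaraid_sas virtual drive ${LDid} status : OK" >> "$logfile"`. The `exit 1` in each check also ends the whole script at the first degraded unit, so the remaining kmods in the final loop are never examined; `return 1` would let the loop go on. `grep -q sg` and `grep -q ${kmod}` match any substring of any `lsmod` line, and `grep -qw` would be tighter.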
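Review bot: `if [ $md_count > "0" ]` in zabbix-mdstat-check.sh does not compare numbers: inside `[ ]` the `>` is a redirection, so the shell creates a file named `0` in the working directory and the test is true whenever `$md_count` is non-empty. The script therefore sends the first array's value and exits, and any further md devices are never checked. Use `if [ "${md_count:-0}" -gt 0 ]; then`, and quote the character class in `tr -d '[:blank:]'`.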
diff --git a/roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.pp b/roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.pp new file mode 100644 index 0000000000000000000000000000000000000000..a79a0fa2e6adadc2d3834e469687a1c4c3a6fe17 GIT binary patch literal 83331 zcmeI51$5-d*|nW7JYnXflL^cwvlCmaFl;usn@u(wP8?ZXwiS0vy^?x74l^?|Gcz+Y zGcz;u{O8u~dfnZAJv)R+k>V{~mum!_3Ug|IN(ITySP) z<}JsbVdjzh@A233%*@Q3e1p!-igLKGb3)Y}_6(9-U}k0p$!4LUbvTQ$etEn8S9 z_8pronX*0O%*@Q(p1JFcQjKpp_L!NOIqxX&l$n{Ci;VuTE%b(_t*Ul;zNzvRW3xKP z%*;$b8=PfkW@g9C%uF^In6i7OnVFe$Vuzyao^@ts=3L0QDoc~MNQmgXHd$-VJTo%` zpw+r)4YC4!ZF<>)=`Ge(AMx;1RC(Jw`v|4X`eq(kBQI1;W6Ew@Vb=@U-SfTk{bmXJ z!lPJdfFQpm(`Id3Ln4EQ5+6~qS)QALr9>?(nYJ3V;6)ABCbMOpkGoZa7G<0tYI)dp ztJM-3^`yJn~*czW?d5KvjT(*|zN(%Rl5p1b>&1d{BXdy4Z_sE+(P&-~;+} zb1YH&7ZrbSjSy_EUQxH$+I+C_m~O=ZRE`uF&{WvO(LB){!8tlN+v>pQ867W$l~0U0{^+Vrcv zW*+A+3deq9O&ytznz|cLvu@X>hUOSQ$ZAuzt_FbKuk5^Ie4xhYQyUb6JUJQ2>Uac3F${uUX5}MU)z=YWLjE*smGq!=@L50S= z0F{94R#RtWTMY8;GZIIBYbRD{GuTk?Xgm1Bw$NLdUo3hCXVd7EK`S}(X9>=T@v{W2 zZ1YnBv9NHOP5w|DIp(dW*~ndGqL#)l4f5ss=%`FUjaMc>QNgBc>$O2uu+KQ$)r(#M z^*QQN=gVr|_U}sHf?nw~tKIeZml}=l7~`=OgZ#fU??AOqPBajL?FLgVqZsVl?$r)o zuZDv#-mCS>?Otts=su`k4dXkuaH{RPYwyuDMpbXOEA4c-Sjv}s_Hq>&E}6FO75$<`uW#pT%UNxwlDLRO z7rkt<0s1e@SCR9u#^e%{0yLk-w2KX=%9zxm4{l7mV%8W2K%9Y1u~d}Hm>Huvb=OMU z;}>mF+4}*ow;qDQ856?As$N0KC~L{IjcJ-udJI}+m9>q@hqaw1W1ps2S}A%x7)QBH zu~ZIw_Rbh*wZ(NGUzpzaoErxS4cL&v;rE5*ETEel$dAWdVvH51$;QlenLTg7k^I0#e z`^Xa;8Xn5TAGXCVvVs~mG6lKQRJ$n`w;Ro2Xf!yi*seU)Xa*U+96*yods(dN)vWH$ zS3`TZ9LIXGSFJ+3P7wF+@fimhSI9X0$lUE(l<2&0pyl2gz;t3psPP>f%epu^ez zo?=VCr*NI~4X3Jlp)R^h+qV=C!+D0&0o%1_W@b90KWuq6m>)K#F70I{VlY$5GdmB$ z8G`|PG-tBsO0`-VI~Twy(yTS}3su#+Z)l+LJx^Yhi-rBN3^Ao?=j&`0x!DQETC?7* z+quzNGoLTlRn>yhelfPz%=hh=lGw@4GS(X8QB)W(aE^DU1`N!}aP!OZffOe{raA8Z zCw9QlG2htRcgWbzxYnBaL6+w&+9Wau?Lu8;-8^er$i!MH4n%G|{D?9Z;&(oN8sgQ|KW7;7TVrtkkS!1mO3T4}25FnTY zaTv6B=3x$%*2DL>^F_ZuY_o-)9mFvAv*zp+3mIV^%YAVlxUPB_2$2Ko4MQjF+vzJR 
z+ced%&h59W7#j2CYSnh3*pS=!1><6|SREa=ZvKC|4~ABX4J~ziz&R>zC<5s8cMr@} zIl2^_PWZ!yZzFLY;Y>w0GnmI5!c7$0d|hJ(G3-)f4;(!1ff)$)K<|V-oJN`00~);! z(sc7tmI%O~4L}N?AJ=J9PF$^a?i`HTWecFzYOKWx_>mF=dvqibIe9V)`g zsu>nt-b1ukl<1prYM13;EEEQ@EsUxIRbusE5uk80sH>&WS+C1u^Oa*Q_brN(rFkw z(d6xsdm;>jIfi)s@k&e?aG@lRdtokPFHK}Fg9{1FWw!QtOLr}^HP3gUrg44e9?UBE zs0Jo#>hm9PiRl#|%XFs&o{Jry=^)%MechheNjmy7N8Qx#qq zW0F~KE)0%XS9suS)YH|Nuy>d4I*{)bK!cb5QP%wwwLZqhW%_9u;) z{J6V4N9JdEnD+nzHdl$d%Y`}^wxZJ@Xwmchnqvt&!~Z0{!`VI6SojpwQSpt~>Ew$` z45An=58_)&cTjFU)ngXJeD6_m;-0Rq)Nzj(8y?HmZWk^VwOP%2y`!Y=|Mxmg_njho z#_^|}(LrrL?L4-$#XaR10@Cc{@Kedri6hbn{_20`6;`J5L>fy|&jrI_8$At7(kuVbH1K zv(xw$OS9Ir#@+OlcVW@Za4NtsDy)T*4)W!CfYlorg z-Iv`rnyUJ&?GLusW;q-+?(Xd!H(lfVyl}fy-}+7+4;5fbrs~^u>UcidPHpiZ&h`P= z`U8L~0BqNs`od$hegiHfaDjjozi=sltAnP^+M!(r10mg_!Ac7Fh)WYwI)z9)|PDT@+x}G=BGX#jI_2Ut8aOp=-g0 zivv`>tNzlo#Ug~gUGg6+RDpgC`Ix2JG`7>jU6G=+(yijq9$*y+c*6|U9~2+x4rBgGAzb%H&a*c2}t}%1cM>|u=SfI z401?|U+J#jOv_EN*SKF!+-2&}o>~m@y50V9<6%6ubEDrIxnG*L!~Z|WI^5EOhpcV0 ze0ko!bpovnotnOeKe{XY>gK=pW*v8WVL>pUyF*|X_W9p_V8zX)-7lgK%X|;@j_sJK zUMCw2dZx{KE8Anr){iL|y|G&Er=uuHQR4PAjw_5FYN8bdJdQ zj>#Rit50=!V?SFQjMi_#dBayhxeFLPJ&DU#_rPAmXAUr>bZ6m_`3Vf*1t23hsPuP92UGf<)&~8?3quf4I;dyH$zdfVV1< zEeaoH;8try`NOhn7K_r@)hbb&SpT&s7c1<8eu%58+XWm!h;o**p6#^2wSM;#e(l{) z1S9Ea&%7#|ip$X2e$TGbjum~~H2RKHXI9obTGp&MU7b~K;JE(O?4Zc|N6X4nX!4l2 z9PtIhj!3tLo(Wqp)!yAmvREw4_o`}Tc(fdj(^d0FSBVXM96CyOSJJ)?rD)gCYoUM2 ztNs8>bM#Gr!PMwO(dD^NERT+q=owuY7X(3XhBEL96fW0`640>nWs|SiWwy<}7JaVm z@&NFF}7@~i8lT1XCDs3+!Cz_e`q&25ZFc!1=r*6 z)86c}+s5OO7xKi$i3RgQ8drvkAK!2Mv)jhQ(BQ`Zke8ctji<9;Vz+ApJKI45ByUFGw3cH=5Z%d1&y7Mppy&Lhsa%`)R_%jetvVBUU5i*swUw6M! zfHScTAP!qTixS)fAfKB>B^ehvH#>_X@Y4|mv<>+Edcd3w_~&|nXS1jz3ud_{n(_A+ z?c4N^6dhRoWYMA3&lMe6{c_Q<)o&D?Sp9C%sdeb?QROWDqb}N;waGs(nz-K-&GbJO zP2As#Chp%w6Zg!c`prG!o<}rsFD9C}J4F*0KlZ|wv$$hjv`^evG;yyhnz%O=&HYai zP273W#4SV4DIiDv$DqKSKT z(Zs!hXyV>nG;#58ipAybw{y`EadXkcbuX~WBjT<~JaO+Unz#=aP24AnW_iyRP287? zChqG+6BlpmvA9hBP8S^$_rs!z`&rS%{kmx4{!lb=e=VB0e-%yKGrF!QX8Gq5P27u! 
zCN7o&wYZGFtcy;Fdlk{d4Mh|8+MNkl_tbUK^)as8p?af+T_xNy5oG(Z;ala*+@jnqw+~0{N?mt8m z_bjff@`!t0(Zs#DXyRU8G;#Mh?GqQvrC`fhd?L}ry`E^|-b^&p-&!=BT z_x4Ul#KpHt7MIy|C7QVQ8U<}7BJMtkC+_`36Za9KiTfnc%>Ox}iTg6q#C?Nk;=ar2 zn7DXM-12buk4Q9eKPQ^F-w;jQABiUJZ$uOKZ=#8NCf75?EbrW+iF;Ae#J!x;330LF zjKyX0-4adQNHlS;BbvB35l!4%i6-uyMH6>fG;wRuEdL&&iTfa@Q{v)Qti@&YV&;sIMbU)E_fgn#!hU;Q+T=eKP59r7Cj37|6aK8OC-Vq@KGB4~ zglNKFL3C=%yQ5#Z* za9veMT)b=C;6o}56-`_`%5QO*-RC8m zxZe~_+#ic3?r%jC_wS;KduG>9#mxUaqKSJk(Zt>9bVA%?MH3gl*R;6YJ(g(VURN}6 zZz`I&r-&x*ylCPUqKWIiea#b=cTb5Y?t`69iTha5#KjAiEiRKkU80HmLea#1wP@nL zRWxzmFPgZY6iwVOize=OMW=RH`GwPSv$H}7W3q(g&ze;p$^;<+IR=-blYV{|a_K5o> z(d7A#XyUp@9CNz;nM4!!52A_tFVVz3o9nwg;+|hLaW5&FxK|XN+I|Q%j4ikD_MWFz zguj|g?Gyeu(S*lO`I+ACexgKE-&Qo?7eo`jCz|kkMHBu$q6z;n(X8tyI2{o8S)z&i z64AuPLTDD3IIojv;=V&P<3A*txStVC+^>ly?hiy0_gA8c`xmD};{KoOszTzPQ#5h$ ziW`f|;x8=G#O;VC?v+I|eIS~+*Ah+K8;K_FEkzUej!s9!T@+2+foS5od*wNcyPHH4 z_W`1b`zX=GeTr!A|2)yeeT8V^zDYE3-{W*l+>ePS?iWN8_a?4(nf4EPIGqyraiWR)4AI2J!Z6r!?*1Z)ChluQ6ZdVRiTeT3#Ql_L;(kRm zala=zwWG){ot~SW4KU99c|Bk*K&MwYz`0qg8_|rvr)bZ{KUlOMATRfbQO@L#mFU1G zf4b<<>KBTRtbVoV*y^{6PON^v=+x>@I_(kn%c5EScSRHT=c0-09+Aiy{YQx=?tan4 zJ-h3wJmOwJG;uE_nz&aIP24%Bed1nSG;wbrnmjibO7aI`%*`f*mQqhEey=cPY$3e`^X7^5srv9*K!hcpY z;lD1L@IMqy_+N`=UH{eTkho`bJyS^BbBQMIMMM)9OEXwp;#^juiF*~%j1NT<_u8U~ zdt=eWJy|qy@8onu+$GV(JykSu?=G6ScmcD;W$_P`XyQIvG;yCQn(3b}nz*kNP24w& zChmKkj*0tm(Zv0tXySfbG;#69WsA$=ek#$#{k>@7{!=t@&+7WEnERhkG;uE>nz&bR zIw9^=MH4p_P2B5?ChjQ?m)V~n(Zs!tXyRs~iMt}2xI@v*@7|(``%tG-;yzw9ai1xg zxGxq>Tr9YUEoXMGm1yF=T{Lk&D4MvR7ERo*iYD&&MW=QY`IXaiv$G*OjlZl1%!L?M z?&^T%X02{TGyYzpJsbZJ(Z1D>6CK#E%G@tbHqbtp0%L z)ap+;?Gg7YqFLVeL=*QHqKW$_(ZqFc;>wxaJtvWS#NFY#Dv!7q6iwVqizeAsKG;vGO#N8*Fxc3uH+((Ee?vtDji2EGT#C@4) z;=VyNdEOMRWiAh$imCoKA`R1kuEOmT2O>L^N?c@)?tbV5G(0)^fAGTr3nca)mrA_`?(XrKU7oAxBLD8wzpLW_K?pH-K|L=@foS61Tr_cSCz`le&6N4s>~e`FZeKKUS4A`Z zeMJ-Z;ZCQ-eWGaMK3g<#Un-iouNO_+cZw!1ejH$NS=@&unz)}8P28`GChiYKr*;(i zjni|pvoVI1zpV$%#TZt4uE4ojtM`g#{Cz}wHvVCveXE}!I{UOn*)t_&xZL 
z?!ppH+>U7CURgA81E+oBUQ0A_ZzP)e-%>Pj?lG;#0ZbVS^{ ziY9I=nz;88P27iwChp@zljj+tiHkKTEpB8_ofkj85K zhLyf6U~bmxRnd&UuV~N4KU}nL^%F%0RzF*GX!T1)M^?XHbZoyibBjIaEbg5Wo!I0b z7M)uCS*JbXeqA*8|DkB&{#rC~|04DC(ZoGfG;!}Pnz&ek16$7Q9w^boeY9xeKGo@fxX%|& z+*gVw?wdt3|M!X}?#D$F_lu&5`)$$0#d2O2m%IN|qKW%^(Zv0y(;;!s>bk0sxaSj1 z+)Ici?iEC{ysL^PZYr9%*B4D(EX`nXnfwHaChl!S6E|}@BJPT4;toX<_uit3`%uxu zeY|Lv|4h-ueX(fb-oW89`n3{G+_#G+?gyQYiTi2M#Qmyh;(lK=aepbAxPKN++%veY zC??N2L=zXUrN@@X_RPPKL=*QiqEkEk<7b&RxlMhHi%ke`A2;H#V&ktV@r1vjXu{t@ zG~w?cn(#(6;oZ`Kc|!Qx5eCnKp_g5g)XyX1@bZSSD-#I-uJDXxy`Nw*|TnfYPH=Fs~tkwHm0dtJM zpJ>mPH21%i zXyV>kG;xZ7l z6QYUxCDFwFj%eckOf+#lhs*5#AkoDAm(w9}&*nO=khtd;P25Y0ChiqQGk^Q*Fw{;+ z+^b1EagP&C+!I9;_ZkkDyWdu#iM!x*MBJWe;_ekq-1~?o?!!bA_X(m|-m^p#_a&l< z`#RCYJ>KCm`8y<EyJx|g7WY;U54{B%{Q*cKV!o_EOT@A1LceST)expqm_Z%>*t+$j-*AJ@qJw$ z)B8@Rb3e75PKW(Z>lhqt8UJk`n114x={WDdQ&;XG60NR|#PL8GCvU+qKN3EUL>cZl zxc_d$ao(!Ba(TP|ZgXX9#X0EmcK_XmGPdd*ba}h~ZaY#ww(1;oU!@#Q9|tO9tB%Kk z%Gj#D0*j(D_ zaJTXc!reCgc|0GNpG|Wn%nP_pGhhRw3&*Mv?lUrRpK;0RKI6AT?lZoba-RY3KI0iP z_Ze3(?lXQ$;y&Z63HKR4B6pwh$dUVuDXja9yB_c}?sNZWJ)#Za`}f-icQ%BN9_QH* zzJI@cP=7=CXwJJKe3a3~aPBc3K7Kq9=k)%Of$8*{=TE~M(;sR$D`I0l`)$)!!fgXO z=x{V{?RXt>eQw6NS-4*Ro7U&(Kur4@VQvWDlz%f{o8-TLKVzoLJ@oKR>%o@1G5<}| zZ+6@dDW6flcnIa{JPh5K&t~D9)!V50H}Gs0zFGd8wg+|_8}i?(df2qxZc=ZDJAAWx z+brDuVt%?EZkB$tet5Hd4scv-)O5L<9k0V(Z`=8E+pdQrQx9&L#*OWNy}xxE(ztD_ zK5x~AIUnY(3%#LftEycdy}JPYhx@~qMQ%OnY}hT_>)Bj9{^LfgeH)y8p~!d)?i%)+ zCHvL93&*OXb=4T9FkI{{6lK@gFJ0UY=xe&gL=f^Fn8{?wx5Z-h8!>PtvCvzYUo3j| z8E2O>!t>>NLpVw-2KLvQE-5?~gMFK1-YYj|Zr3e0ZLcWpTF<4)+seHF&E<;!n9N~q zS<~3{H(eCgA?Uc{a!vieAyK*`F7=Xk6qh+Ft~@5TKWfTD_pY`O-a? 
z7XJ~tu@1qrP#4`L?ZBakJR8{6u*(S>xb9sn7OM?)j6*nmJP?MZ-p6Thj7HTn;Sy~@3cz!i%BuwQo@C2N%0CKPcsOxOt|2RoqVP*A=2MfzR4hDltJKyk|kHQ#}%zATS zpzI95u{VR5vWq3C#}V+Ll`~p*`l%UAAZfy`FZGjn`^pdPO#eX!R{-CF|uJNiY2GQcGQX8YL!c)#oMDeAZ8#-=86~lb5k|Dl{a+SAO z)Mhp7^^|02iO6@uiI3xF+fR3?R+|s1VkOt=9Z#IOqE|-iq7ThpQ)(wX+R$E0u+bih zKvfJa;@5?kZ1v!}xewj7iF=3wP_UtRCONwwLv{E00In!znKU9*@D(GWMOdZjCUy(T-v;OAB@fb{&rr#+z9*^b5 zT@_Ef{%$-GT-!IbjR)E`W#8Dlv9Y3V-J6Pv%Ko_5?TV&hExE=7{PLb@32{we<7ZHqy+Ovi)9vBbC zv2~05<3$7Gad5K!VuA4(9KXpI35>_Wi_3F79JqW@z<8+J5QZAzO9EU9OuG=8+hw#| zD4IY%HxY#C86I%~!1X ziZx%c<}22eVgtompjZnOYk^`d(8^G(1&Xymu@)%S0>zqAM5tH`6>FhlEmW+9inUNH zSFsi<)s0n+&oYeX3YX6>F(t zEmf?ginUa+mMYd##agOZODBEUIe=XO%?&<*$#ft*%M1TjM` zY;sqo^Ob!AB`j3JA|)(V!V)Dc-5BOgRs!b*N;1Wor=?S@d5SepvF0h(JjI%)So0KX zzG6+m^A&5pV$Ij~Rjm1nHD9sjE7p9)ny*+36l)4fpjZnOYk^`d(DGBP1&Xymu@)%S z0>xUWSW}7(6>FhlEmW+9inUNHL$MYr)Yf2H3Vl7gvMT)gZu@))TBCTA- zTBKNu6l<|!P021+ti_78Sg{r>)?&q4tXPXR7R6euSW6UZ%C3oGEm5o`inTu`fwHR> zrkM2^)lHD9sjE7p9)ny*+36l;NE zO~DHkYk^`d(DqfV1&Xymu@)%S0>xUWSPK=xGwNSAZD%K*! 
zTBKN0ij5R&kzy@UtVN2oNGn6J7Ae*u#agUbixq215wT(|R;Wx{inTHkAinUa+mMYd##agOZOBHLW zVlAEIb8`T@yx`QWfH^JDn+W7UKDjr;CU<7oxUWSPKG6#Emo|>inUlPL$MYs))K{9qF755Yf2G`Vl7duC5p8~v6d*-60KatTB=w} z6>F(tP0LQPmMYd##agOZOBHLWVlACyadQB>7Uc9CU?Pyi_+&zcY3V#=Uw6l;lMO(`}} ztR;%IM6s4A))K7@#agOZOBHLWVl7pyX+%~!1XiZx%c7AV#N#af_P3l!!+u{IfG z8)TqZ3lwXCVl7at1(Vk7OlD&f4HdJYVm4IFhKkv6(wRN`6l0+lrkD*Cv!P-(oHT1I zG*YZZinU0w7Ae*u#hQW~Db^w_onkFgtVN2oSg{r>)?&q4tXPW`YYJYhSc?^Fv9_;b zEmo{0inT6l;l=pJFXltfh*zRI!#S)>6fqR;*$zRjj3o zwN$Z|PL|<@d%Je(^l(2B$Z>ZvA;YwEp0cm6gat}iI1$Dvz(f#>jg+uh2}_i)bYqyO zSo4%}J;j=*So0KXo?=bQPO;`G);z_Ur&#k9YrbO5S6F<-ny*;%6>HkAiZx%c<}22G z#af_P3lwXCVl7bk0>xUOSksaz)&j*^pjZnOYoTH-RIG)HwNSAZD$Jo`Z8FH7YoTH- zRIG)HwQ$m!oylxG`y$0`q?nBqvyoypQp`q^&TPk`7>l$p#cZUQjV8_7%8M0iv0^P& zti_78Sg{r>))eGeu@-CT6l<|!Em5o`inTw0#w8sbVcv ztfh*zRI!#S)>6fqhN4(Y6>F(tEuGBI4fnAd>hXURI5!cnmY_5*8|9krEb9gmDTm5k$O12}?JId5Sep$bTA)}9 z6l;NEP0LQP7AV$2#agIX3l(djVl7lyLd9CBSPK$WaG)4Vw6ICDwo+2XTB=w}6>F(tEmf?ginUa+mMYdX zWW`!Kna&OO6R!<&SN9Wv96KiyGE7V7Df{|LSfGT3N?4?X#Y$K*5ymONL=cfDUz23R zJjI%)?CUAkJjI%)So0KXo?^{Yta*wx4Mnl$E7p9)ny=*NE7p9)ny*;%6>Gj?%~z~x z#VXbU#af_P3lwXCQbwRy3lwXCVl7at1&TGT2*p~cSPK6y`*+HW_3)`ef3Yoylw*B2vX{s+dg` zv#DY>Rm`S}*;Fx`DrVD3XLh8UG-k~zF9dwd{(Jm&=Z>A72xJ~ z?z7`S8;ZQ8SsM1Tx`U-v$B-bmipgeu5IAlF*2!!Ag{oKN9jwJY#^qM+KC)~e+I32K zOqumfw{uc4FwIquzwz-m9|MyGv;Ui9Tr{*9!$OE%&i6=Sp}MZutMZjj*X%8F)4>Aa zV^D5g_an))!%|&;Ijgh0HT5QBZe{r+Pj)=cKb$1OK$|8_PO32Q>TK8kH`92tcj z^-$FN^k`p+i920+K!!_JS(|(Z5B;!%6u{l0$jDK#~Jpp zO0L`MjdjA{wB6qbT#f*el~sA{dVf8hY>%Wn5ovf5=?RWIP$Wtj9hVWndd|mXZHCpn zHzw$eTFJ?FvG|Sgqv%u0L0#-EdS=OVrxJB`nSFV0*fkxyK=SU+XzAeH9WE1n%n0Kk zH@1!wHnxh%CSaT7N$ahm(^j2+H7r|u7=|T3+iK*R!eg~Dz8l)zuqn!=kt-x~buyhU zuT9n>DUS5P?lej_UcHA}#(%P}T{-?x3!K<#LrtT~l&TmV_JgQLR>@R)n{72Pb%x%s z>9osP+v!)`VsWk0v{`Eoa9|ET!)gJ`rkm5uu`y-W9%-CZ#ZsB|4$yuiaoO$ECO5@i z>{^<3wW=|n!D8tL*q!tz+m)|7x9;5dr0d%r!EFb5-t4r;=|rq=R$vz~n{N+w1_H(wNS!+GJhZzpU0pYmVu(=;F})*d~BE zs)6-@o0_%t!RBOBV;bg;x-E0DFkLrv>oblW7znHWAZrW0v*v2nD2lu8u&w%8Tjc+C 
z4#%yPS-;4YqOAuMa`SfC)Sc0LWX39JZ(!=tFz>3NSuPgaa#uO*@9q^% zyJycH&iZUPW&#}qcgkVE(-wWRUY*5a*)@y1%)UXryRC<2egSjc-HTbT8GU9({h-sW zOw%c=meY`Sxfna==kc18UQwF)c?;Pc_WNsO#K={Yjj7vC)+x;@QtjzI*36ZH;Uw8Jjl)ZX91?J)%;61u4>4(v#)NryXHc8PV&CpgUG>a-W7^%Fey^GDn#F9`YkOv| z=`p0v$|bYAbBBK3%;#Bama4iijhk>E*#h0|w~- zX4i>4mAfYIWwkx0?9s)iS)8T$t`m=)a|6^N7lEU?p@{WEZJJJFOKEH=ozdB_=3uUfSOB+NNyhh%L0 z+G4e6bK8$Bn0D2eveQ(jmTQ&Q5FkgI?Aeb~g2}XBwV;2T@P|L9xQP zq1=NqeDl$9aIIxIvm^f!tN(zTb$uM}3HNP+SnU4xL&ijX-Z?d_WFFmbZUcZB6|;EEGgQV?eC^%G)TPXw0kaFZ?_s%2fJ^3 Q6?w3J+^(#zi6i#^04lFfi2wiq literal 0 HcmV?d00001 diff --git a/roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.te b/roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.te new file mode 100644 index 0000000000..6533b045b2 --- /dev/null +++ b/roles/zabbix/zabbix-agent/files/selinux/8/centos-zabbix-agent.te @@ -0,0 +1,20 @@ +policy_module(centos-zabbix-agent, 1.1) + +require{ + type zabbix_agent_t; + type zabbix_t; + type ping_t; + type zabbix_tmp_t; + class process setrlimit; +} + +allow ping_t zabbix_tmp_t:file read_file_perms; +allow ping_t zabbix_t:tcp_socket { read write }; +allow zabbix_agent_t self:process setrlimit; + +kernel_read_network_state(zabbix_agent_t) +domain_read_all_domains_state(zabbix_agent_t) +dev_read_sysfs(zabbix_agent_t) +corenet_tcp_connect_all_ports(zabbix_agent_t) + + diff --git a/roles/zabbix/zabbix-agent/handlers/main.yml b/roles/zabbix/zabbix-agent/handlers/main.yml new file mode 100644 index 0000000000..ce03f98b54 --- /dev/null +++ b/roles/zabbix/zabbix-agent/handlers/main.yml @@ -0,0 +1,6 @@ +- name: restart_zabbix_agent + service: name=zabbix-agent state=restarted + +- name: reload custom selinux files + shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" + when: ansible_selinux.mode == "enforcing" diff --git a/roles/zabbix/zabbix-agent/meta/main.yml b/roles/zabbix/zabbix-agent/meta/main.yml new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/roles/zabbix/zabbix-agent/tasks/main.yml b/roles/zabbix/zabbix-agent/tasks/main.yml
new file mode 100644
index 0000000000..7bfb2627f0
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/tasks/main.yml
@@ -0,0 +1,72 @@
+- name: Importing specific distro variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - common.yml
+
+- name: Installing Zabbix packages
+ yum:
+ name: "{{ zabbix_pkgs_list }}"
+ state: latest
+ register: pkg_install
+
+- name: Installing selinux dependency packages
+ yum:
+ name: "{{ pkgs_list }}"
+ state: installed
+ tags:
+ - packages
+
+- name: Distributing custom selinux policies
+ copy:
+ src: "selinux/{{ ansible_distribution_version[0] }}/{{ item }}"
+ dest: "/etc/selinux/centos/{{ item }}"
+ register: sepolicy
+ with_items:
+ - centos-zabbix-agent.pp
+
+- name: reload custom selinux files
+ shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
+ when: ansible_selinux.status == "enabled" and sepolicy.changed
+
+- name: Allowing zabbix to connect to network resources
+ seboolean:
+ name: zabbix_can_network
+ persistent: yes
+ state: yes
+ when: ansible_selinux.status == "enabled"
+
+- name: Configuring Zabbix agentd
+ template:
+ src: zabbix_agentd.conf.j2
+ dest: /etc/zabbix/zabbix_agentd.conf
+ notify: restart_zabbix_agent
+
+- name: Ensuring we have a directory to put zabbix scripts
+ file:
+ state: directory
+ path: /usr/lib/zabbix
+ mode: 0770
+ owner: zabbix
+ group: zabbix
+
+- name: Adding some other conf files under zabbix_agentd.d
+ template:
+ src: "{{ item }}.j2"
+ dest: "/etc/zabbix/zabbix_agentd.d/{{ item }}"
+ owner: zabbix
+ mode: 0666
+ notify: restart_zabbix_agent
+ with_items:
+ - interface-alias.conf
+
+- name: Enabling Zabbix service
+ service:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ with_items:
+ - zabbix-agent
+
+- include_tasks: tools.yml
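Review bot: `mode: 0666` on the files written to `/etc/zabbix/zabbix_agentd.d/` makes agent configuration world-writable, and the agent template sets `Include=/etc/zabbix/zabbix_agentd.d/`, so any local account could change what the agent loads at its next restart. Use `owner: root`, `group: zabbix`, `mode: "0640"` on that template task. The main `zabbix_agentd.conf` task sets no owner or mode at all, so it should get the same explicit values. Writing the modes as quoted strings (`"0640"`, `"0755"`) also avoids YAML reading them as numbers.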
diff --git a/roles/zabbix/zabbix-agent/tasks/tools.yml b/roles/zabbix/zabbix-agent/tasks/tools.yml
new file mode 100644
index 0000000000..999fcc6502
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/tasks/tools.yml
@@ -0,0 +1,25 @@
+- name: Some basic wrapper scripts for zabbix-sender
+ copy:
+ src: "scripts/{{ item }}"
+ dest: "/usr/lib/zabbix/{{ item }}"
+ mode: 0755
+ with_items:
+ - zabbix-hw-raid-check.sh
+ - zabbix-mdstat-check.sh
+ - zabbix-check-eth-settings.sh
+ - zabbix-check-iptables.sh
+ - zabbix-check-ro.sh
+
+- name: Ensuring we have some cron jobs for zabbix-sender wrapper scripts
+ cron:
+ name: "Zabbix sender wrapper script {{ item }}"
+ minute: "*/30"
+ job: "/usr/lib/zabbix/{{ item }}"
+ user: root
+ with_items:
+ - zabbix-hw-raid-check.sh
+ - zabbix-mdstat-check.sh
+ - zabbix-check-eth-settings.sh
+ - zabbix-check-iptables.sh
+ - zabbix-check-ro.sh
+
diff --git a/roles/zabbix/zabbix-agent/templates/interface-alias.conf.j2 b/roles/zabbix/zabbix-agent/templates/interface-alias.conf.j2
new file mode 100644
index 0000000000..656ff19c46
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/templates/interface-alias.conf.j2
@@ -0,0 +1,2 @@
+Alias=net.if.default.out:net.if.out[{{ ansible_default_ipv4.interface | default('eth0') }}]
+Alias=net.if.default.in:net.if.in[{{ ansible_default_ipv4.interface | default('eth0')}}]
diff --git a/roles/zabbix/zabbix-agent/templates/scripts/zabbix-conntrack-check.sh.j2 b/roles/zabbix/zabbix-agent/templates/scripts/zabbix-conntrack-check.sh.j2
new file mode 100644
index 0000000000..f1805ce868
--- /dev/null
+++ b/roles/zabbix/zabbix-agent/templates/scripts/zabbix-conntrack-check.sh.j2
@@ -0,0 +1,4 @@
+#!/bin/bash
+zabbix_sender -c /etc/zabbix/zabbix_agentd.conf -k sys.net.ip_conntrack -o $(wc -l /proc/net/nf_conntrack|awk '{print $1}') > /dev/null
+
+
diff --git a/roles/zabbix/zabbix-agent/templates/zabbix_agentd.conf.j2 b/roles/zabbix/zabbix-agent/templates/zabbix_agentd.conf.j2
new file mode 100644
index 0000000000..3d2f4e5e8e
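Review bot: The cron entries in tools.yml run the wrapper scripts as `user: root` out of `/usr/lib/zabbix`, a directory that `tasks/main.yml` creates with `owner: zabbix`, `group: zabbix`, `mode: 0770`. The owner of a directory can replace the files in it, so control of the zabbix service account extends to root through these jobs. Create the directory as `owner: root`, `group: root`, `mode: "0755"` and add `owner: root` and `group: root` to the `copy` task here. The two `with_items` lists are identical, so a single role variable (for example `zabbix_sender_scripts`) would keep the copied and the scheduled scripts in step.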
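Review bot: `zabbix-conntrack-check.sh.j2` is not referenced by any task in this patch, since `tools.yml` copies only the five scripts under `files/scripts/`, so as submitted it is never deployed. It also contains no Jinja expressions and could live in `files/scripts/` with the others. If it is meant to run, add it to the script list and pass the value quoted, without the extra `awk`: `-o "$(wc -l < /proc/net/nf_conntrack)"`.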
--- /dev/null +++ b/roles/zabbix/zabbix-agent/templates/zabbix_agentd.conf.j2 @@ -0,0 +1,19 @@ +Hostname={{ inventory_hostname }} +Server={{ zabbix_server }} +ServerActive={{ zabbix_server }} +PidFile=/var/run/zabbix/zabbix_agentd.pid +LogFile=/var/log/zabbix/zabbix_agentd.log +LogFileSize=10 +EnableRemoteCommands=0 +Include=/etc/zabbix/zabbix_agentd.d/ +RefreshActiveChecks=180 +BufferSend=5 +BufferSize=100 +{% if zabbix_agent_tls %} +# Settings for TLS/PSK between agent and proxy/server +TLSAccept=psk +TLSConnect=psk +TLSPSKIdentity={{ zabbix_agent_tls_psk_identity }} +TLSPSKFile=/etc/zabbix/zabbix_agent.psk +{% endif %} + diff --git a/roles/zabbix/zabbix-agent/vars/CentOS-8.yml b/roles/zabbix/zabbix-agent/vars/CentOS-8.yml new file mode 100644 index 0000000000..045ea43ebd --- /dev/null +++ b/roles/zabbix/zabbix-agent/vars/CentOS-8.yml @@ -0,0 +1,8 @@ +pkgs_list: + - policycoreutils-python-utils + +zabbix_pkgs_list: + - zabbix-agent + - zabbix-sender + - bc + - ncurses-compat-libs # Needed for some megacli tools and raid monitoring checks through zabbix_sender diff --git a/roles/zabbix/zabbix-agent/vars/Fedora.yml b/roles/zabbix/zabbix-agent/vars/Fedora.yml new file mode 100644 index 0000000000..1a24c05ef6 --- /dev/null +++ b/roles/zabbix/zabbix-agent/vars/Fedora.yml @@ -0,0 +1,8 @@ +pkgs_list: + - policycoreutils-python-utils + +zabbix_pkgs_list: + - zabbix-agent + - zabbix # provides zabbix_sender + - bc + - ncurses-compat-libs # Needed for some megacli tools and raid monitoring checks through zabbix_sender diff --git a/roles/zabbix/zabbix-agent/vars/RedHat-8.yml b/roles/zabbix/zabbix-agent/vars/RedHat-8.yml new file mode 120000 index 0000000000..a38d21ef87 --- /dev/null +++ b/roles/zabbix/zabbix-agent/vars/RedHat-8.yml @@ -0,0 +1 @@ +CentOS-8.yml \ No newline at end of file diff --git a/roles/zabbix/zabbix-agent/vars/common.yml b/roles/zabbix/zabbix-agent/vars/common.yml new file mode 100644 index 0000000000..5c68df415b --- /dev/null 
+++ b/roles/zabbix/zabbix-agent/vars/common.yml @@ -0,0 +1,8 @@ +pkgs_list: + - libsemanage-python + - policycoreutils-python + +zabbix_pkgs_list: + - zabbix-agent + - zabbix-sender + - bc