From aac264d9fdf04078761df6e6c07d86fabde8e3e0 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Tue, 3 Nov 2020 10:25:28 +0800 Subject: [PATCH 01/13] fix example --- ...r10-single-mul-DDP-nccl-gloo-Apex-mixed.py | 11 ++++++++- .../cifar10-single-mul-DDP-nccl-gloo.py | 24 +++++++++---------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo-Apex-mixed.py b/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo-Apex-mixed.py index 5f3ad33af2..64b8010518 100644 --- a/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo-Apex-mixed.py +++ b/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo-Apex-mixed.py @@ -31,7 +31,16 @@ def main(): os.environ['MASTER_ADDR'] = os.environ['PAI_HOST_IP_worker_0'] os.environ['MASTER_PORT'] = os.environ['PAI_worker_0_SynPort_PORT'] print('master:', os.environ['MASTER_ADDR'], 'port:', os.environ['MASTER_PORT']) - mp.spawn(train, nprocs=args.gpus, args=(args,)) + # Data loading code + transform_train = transforms.Compose([ + transforms.RandomCrop(32, padding=4), + transforms.RandomHorizontalFlip(), + transforms.ToTensor(), + transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)), + ]) + trainset = torchvision.datasets.CIFAR10( + root='./data', train=True, download=True, transform=transform_train) + mp.spawn(train, nprocs=args.gpus, args=(args, trainset)) class Net(nn.Module): def __init__(self): super(Net, self).__init__() diff --git a/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo.py b/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo.py index d55104b58a..be9625dcff 100644 --- a/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo.py +++ b/examples/Distributed-example/cifar10-single-mul-DDP-nccl-gloo.py @@ -30,7 +30,16 @@ def main(): os.environ['MASTER_ADDR'] = os.environ['PAI_HOST_IP_worker_0'] os.environ['MASTER_PORT'] = os.environ['PAI_worker_0_SynPort_PORT'] print('master:', os.environ['MASTER_ADDR'], 'port:', os.environ['MASTER_PORT']) - mp.spawn(train, nprocs=args.gpus, args=(args,)) + # Data loading code + transform_train = transforms.Compose([ + transforms.RandomCrop(32, padding=4), + transforms.RandomHorizontalFlip(), + transforms.ToTensor(), + transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)), + ]) + trainset = torchvision.datasets.CIFAR10( + root='./data', train=True, download=True, transform=transform_train) + mp.spawn(train, nprocs=args.gpus, args=(args, trainset)) class Net(nn.Module): @@ -51,7 +60,7 @@ def forward(self, x): x = self.fc3(x) return x -def train(gpu, args): +def train(gpu, args, trainset): print("start train") rank = int(os.environ['PAI_TASK_INDEX']) * args.gpus + gpu dist.init_process_group(backend=args.dist_backend, init_method='env://', world_size=args.world_size, rank=rank) @@ -66,21 +75,10 @@ def train(gpu, args): # Wrap the model model = nn.parallel.DistributedDataParallel(model, device_ids=[gpu]) # Data loading code - transform_train = transforms.Compose([ - transforms.RandomCrop(32, padding=4), - transforms.RandomHorizontalFlip(), - transforms.ToTensor(), - transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)), - ]) - transform_test = transforms.Compose([ transforms.ToTensor(), transforms.Normalize((0.4914, 0.4822, 0.4465), (0.2023, 0.1994, 0.2010)), ]) - - trainset = torchvision.datasets.CIFAR10( - root='./data', train=True, download=True, transform=transform_train) - trainsampler = torch.utils.data.distributed.DistributedSampler( trainset, num_replicas=args.world_size, From 06672519168e9be4501be9f15373dbf5b5a8400a Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 10:10:58 +0800 Subject: [PATCH 02/13] =?UTF-8?q?fix=E5=A6=82=E4=BD=95=E8=AE=BE=E7=BD=AEHT?= =?UTF-8?q?TPS=E8=AE=BF=E9=97=AEeng?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../basic-management-operations.md | 117 +++++++++++++++++- .../how-to-manage-users-and-groups.md | 55 +------- .../imgs/aad/openssl_CA_result.png | Bin 0 -> 4771 bytes .../cluster-admin/imgs/aad/openssl_result.png | Bin 8685 -> 13813 bytes 4 files changed, 116 insertions(+), 56 deletions(-) create mode 100644 docs/manual/cluster-admin/imgs/aad/openssl_CA_result.png diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index a09a94cedd..26b858430a 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](#How To Set Up Https). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` @@ -151,4 +151,117 @@ Another example is to restart the whole cluster: ./paictl.py service start ``` -You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. \ No newline at end of file +You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. + +## How To Set Up Https + +To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate related files in the dev-box container. In the dev-box, you can find the configuration file `services-configuration.yaml`, and then you need to Enter the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration process for the two types of certificates is similar. + +### Configure A Self-Signed Certificate + + +#### 1. Enter the dev-box onctainer + +You need to use [`paictl`](#pai-service-management-and-paictl) to enter the container in the following way: + +```bash +sudo docker exec -it dev-box bash +``` + +#### 2. Create a folder in the dev-box container +When you enter the container, you need to create a folder and generate a self-signed certificate in this folder. We can create an ssl folder in the home folder. + +``` bash +mkdir /home/ssl +cd /home/ssl +``` +#### 3. Generate RSA private key with openssl +The next commands you enter will use the FileName parameter multiple times. You can choose a suitable file name to replace FileName. + +``` bash +openssl genrsa -des3 -out FileName.key 1024 +``` + +In this step, password will be asked. + +#### 4. Generate certificate request + +```bash +SUBJECT="/C=US/ST=Washington/CN=FileName" +openssl req -new -subj $SUBJECT -key FileName.key -out FileName.csr +``` + +#### 5. Generate certificate + +```bash +mv FileName.key FileName.origin.key +openssl rsa -in FileName.origin.key -out FileName.key +openssl x509 -req -days 3650 -in FileName.csr -signkey FileName.key -out FileName.crt +``` + +#### 6. Final result + +In the current directory, you will find 4 files: + +
+paictl overview picture +
+ +#### 7. Configure services-configuration.yaml + + +If you are configuring for the first time, `services-configuration.yaml` may not exist in the dev-box container. You should follow the procedure below to change the configuration file and make it effective. Close the pylon service, pull the OpenPAI configuration file `services-configuration.yaml` to the local, change the configuration file, upload the configuration file, and restart the pylon service. The commands you need are: +```bash +./paictl.py service stop -n pylon +./paictl.py config pull -o +vim /services-configuration.yaml +./paictl.py config push -p -m service +./paictl.py service start -n pylon +``` + + +If you already have `services-configuration.yaml` in your container, you can omit the process of pulling the file. Please note that the master_ip in the configuration file is the IP of your master machine, not the IP of your dev box machine. Please configure the yaml file in the following format: +``` +pylon: + port: 80 + uri: "http://master_ip:80" + ssl: + crt_name: xxxxxx + crt_path: /path/to/xxxxxx + key_name: yyyyyy + key_path: /path/to/yyyyyy +``` +In the example we just gave, the configuration file content should be: +``` +pylon: + port: 80 + uri: "http://master_ip:80" + ssl: + crt_name: FileName.crt + crt_path: /home/ssl/FileName.crt + key_name: FileName.key + key_path: /home/ssl/FileName.key +``` +Restart the pylon service, you can access OpenPAI via https. + +#### Configure CA certificate +##### 1. Save the CA certificate in the dev-box container +To configure a CA certificate, you first need to apply for and export your CA certificate, you will eventually get a crt file and a key file, and then save these two files in the dev-box container, such as the one stored in the dev-box container /home/ssl folder. as the picture shows: + +
+paictl overview picture +
+ +##### 2. 设置services-configuration.yaml +In this step, you can configure it in accordance with Step 7 in the process of `Configure a self-signed certificate`, just change the FileName field. For example: + +``` +pylon: + port: 80 + uri: "http://master_ip:80" + ssl: + crt_name: n32.openpai.org_chain.crt + crt_path: /home/ssl/n32.openpai.org_chain.crt + key_name: n32.openpai.org_key.key + key_path: /home/ssl/n32.openpai.org_key.key +``` diff --git a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md index 6ab1df2372..492cb3ed68 100644 --- a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md +++ b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md @@ -25,61 +25,8 @@ In this section, we will cover how to set up the integration step by step. #### Note -Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. +Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism.To set up AAD, follow the instructions in [here](./basic-management-operations.md#How To Set Up Https) to set up HTTPS access for OpenPAI. -#### [Pylon] Prepare your certificate for https, self-sign cert as an example - -##### 1. Store your domain name (pylon address) into a linux env - -```bash -DOMAIN={pylon address} -``` -##### 2. Generate RSA private key with openssl - -``` bash -openssl genrsa -des3 -out $DOMAIN.key 1024 -``` - -In this step, password will be asked. You can just skip it with an empty value (Type enter button). - -##### 3. Generate certificate request - -```bash -SUBJECT="/C=US/ST=Washington/CN=$DOMAIN" -openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr -``` - -##### 4. Generate certificate - -```bash -mv $DOMAIN.key $DOMAIN.origin.key -openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key -openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt -``` - -##### 5. Final result - -You should get the following 4 files in your current path - -
-paictl overview picture -
- -##### 6. Configure pylon - -Add the following configuration to your `services-configuration.yaml`. If you wonder what `services-configuration.yaml` is, please refer to [PAI Service Management and Paictl](basic-management-operations.md#pai-service-management-and-paictl). - -``` -pylon: - port: 80 - uri: "http://master_ip:80" - ssl: - # self-sign - crt_name: xxxxxx - crt_path: /path/to/xxxxxx - key_name: yyyyyy - key_path: /path/to/yyyyyy -``` #### [Rest-server] Configuration AAD diff --git a/docs/manual/cluster-admin/imgs/aad/openssl_CA_result.png b/docs/manual/cluster-admin/imgs/aad/openssl_CA_result.png new file mode 100644 index 0000000000000000000000000000000000000000..3a2a23bc33901eaf26fe12b35ea0d946b6d8f952 GIT binary patch literal 4771 zcmcIm`#+QY|3?SpE>RA5WaLy%OQk}#oN}s&oNX(Lq-O8gWKQINRJEEEjh*#t_Z7;h5io97882^^v3<>BeLC z?|2JA+_@1u=>(;uA(D&TH~pcO*xfxDzGBSAO=;{E{;A+`Kj{xW@@LG>Fj^By%C#OS zJ1pW2y*Gupxv?`xZ4tCRzV9>Uw{~H4kKDBpLMO>K?8|L|o#?TKnpQVwfhp+Klpf9a zLDQug=M`?E$46WyVTw1Y|J&`PA&o&(C(g%_Hr|%l8-9T*w0p#*V}_jDtbc|kkB=hv}3TwL{Du1M1Ekgmh-;hq;S zH!m1WcA%=mkLcYR8CWzKJi4fL$Fc;r((4Qvvd4vOil9c4MuJ~#UIFK%_J{K^YSgyn zxkb=o^SLt81i)&m7WAz`%oFf3o^?deX?Q0>3p+@f+zWM|MWa66-5`-@Rf+eEA_)0J z+BKKII$dN!SRZ>7F?`_ih$Tcasla#&{e#4S?Bva)2p+fEoBrkwG zvKFU3et+o61F=m-KD3*>Z#3(~P`t~4W&_R<>qo1Su}k2J=dWD@{@T7#9;3t~`T?vB16 zHhY)9EL1na7#6T{_A93Zc!zOXMlN~&a z!l}7)K*ca6%wm&Aj<)~NGv|j1he#)zvALc}whC+Kwyf+njRYc&?>y8V_WFx-ns0h) zx|{7L%vN}VUH>SmgVWw_}e0Z zUL>_HuWgMXfl91ZzG@iwmUw7wH^hn}GHS#)f6Fd6mJ*{#ICEgT8T0@>bglHV%S$sl7VFuMpjXg?1bIL~YWEZBkRk<;3+rf0&A@nH+{T1kNRZ9SF!i0k;`Uw2yD6IyodW$N zu-UKx$Bc^a7wB45Tqit7mfkwlxl}o#9Y?4)k)#?vsy00TLt5zEXqsSCA|k}Vt-Q-b@>lGjc+1C^&W0`7+6e9Nrn*D{#GxDUw$ zQqJqx91=9^)J1o(u;^L?&js;<5hw@y^K>s}{A@qXtUMN9q;MCD~vU{Y1z ziJqmv`&*}2s82@U`e$PYeKRj4+J;d-JzdhQVdn0`1stLe4@09+BKUtY_>BX~;YgkP z#Pe?Dl-F6kf3y>h7k_lRjlB#yoI0;I7Kh^NYoKU^XO}g-7fq*%qHD)=g)SCf4tXTf zQcdtE#lK=h>81}g{9r}3IMKcV^cgvUmTM*b%>mzL)$d5inmu9|O}*H!EayLS6z4&( z!YZIXvC3fj0^z-=!V?KxKlC^~r!Z4iKto_auF>;>QAUrWE_Ph!AX^~isGP1*lU+8s zri(ZuGN}M_$k}em=(2SSOJd1W6xI;Q!6FD}_;8?Pc({HOa;mWw9n#PaD(Oe7B1!T~ z`&IeoUw4MT8WNO8)@bEl@J9M_{V_9xpnS!oxrDO?zx2jb>u`g`KHEXuAONa&|XL-LoW0$jUY>X-eTj z;xkh7WvQ&Ipf&$>@9MoUekcO_2VFtkz+G8P2z`)0wS+V^m&$Lu7j3EQTXj!n$1|;B zNTBA&G1wKuvqBRqxxPu7`jV;3wPKA{kZpOk>XKKub%xPy@JMbluGxGWY=muFRRd)t zXzbDxaX+i`q8xU0m|fcHn-e#EHy zg;8ophPn#fS+fL46QeM5R0%V%@9v3=dQG}%hgYxuM%O(jW;XP|y4xyKo3q0yo>EuN zL6Mt(!PvV};X*3S!Ka%7{%knTxDu8BNERJpMHMa{FT=UJ1PK4Ws#l3S>vibAozO{? zV;2v7zm0SGdL)R~BtxQaJ`auhZ^z6ea$@2-Hd<-jL4D6qg^GR|wGg?-GXcLB5tSQd z@YcFn!8A3L(>kpw0&ITlIznv~dY|RrMEz$OJvB#_-4=+{`1>1hT0ai)Gc{tB#b^qF zFD#C+Z@DCNa}Q{04rrbhJAvL11mDJ!lS}ZIjI*}GthX?WuxCdV6ZytlLqjTiEAz|} zNsjZty*p``E<%8pGYD?p@B$=xo7#FWeKAcC&AmD)o?vT1IG*p}Cq(}W?#wYLr;x!V zXeIs*pWY3mj+>|8=ZuDT!8myu?Cs`=qtlFHS$xQ?>!5=>JQR_W>IPH?PC_-u%I&Na z1H(4`LgynUO@W}Au9dYV@vr!I=9mXSe)h^J>A>fKs9+tzCQzvSCnCP#KJ{?{qX)=wVKi@U{`lhe< zxnmE39ot5na;BzcVaSL1U9=lF3Mm&S%_!L^Cl=}zh-aKywP;`RfB+Dnz%Al?)Ra$! zk-6&Dd2mYixfy*3SjJ-`n)!+V*bpH3fB|{iN?Yfp1WRerh`Cb&G1PGu`BL1hQ_>-d zhTP#$S2HcOqK9s;f{t~JtGjPD-fvMI3n@l^YifQPu9N*@yEkAi8}hJAJc(ESM(^c+ z#7auHGq+t7$j{Tj8LY(4(60bodY|F~EOxD}vzYB{7!|u@0@YhRAh2B@u5N7uRp`hh_* zsyDX4xj<$}ds?LGZ+&}=SWUYyVpP!y!{Ux588y`DwHJm1`HVGP`I$C#6Zn8d{d*jT z+Q~t)&(9Y7&!s24vOggcc=tvYynw%zDxpX0V)1aeYI z$8F2C74|i1tp;Y!o9|s37Gu4cmJm(Zt&_b|23C}(CB6`A7|Y%1o+*X2UXl1K*5XmS z+2}19G9^n~?a{eo_PaxMO|-Hkom!a@lj(fx+FY%9ba(S0eiYW)?)sRismhvRv?pnU zy7xrtRtF=4_Ky6jBUHfacU7f(*XXjpTi3n=fmo??_tZREOnW7^n4O-2k-vZ&j!&hLOD$? z=kDw738Z1W|0(U;3Y!$9sDjsMKrQckCq>xt2HaCG7o#tqQuqm?LqD4<#qH=dUp@A& zimqF-^m7B!1Io~q+OAt<#Ra-vzH?fVZPD|tVkuc~DVo$n^+!oa48p9UALg-T)p8o( z#y*mJ0^J>)Oz^A8fREdfdH56h2)iqJY=vSg*Qd(MdiM0x90M zg2X-;qnIm|0Aps|ps~mYW5Xq?H&u^Q*w>$5R#DQlG}`OT8kWJRi2*m`QZy37EoWgM zrZKCyp!0;ncKKbmPuY_xyg~3hmU3`Rr>4DZ!7uVCKC?Ui^`K+8{bO{13NaFOM+V&` zVV(jm&0Cuc`JEa6dy~5G^YK<{%s?egQ;xnNO6g>0#KIB*L)Jf7#fG~%EMIkY^=fVV zPuD*s>=stI^ngI27XRNh#k|Y76+#KOjq$GQr?Ya`7wpLIwf2da9T=Sw%=|gMi1M(U zL)R+Wn_{i#Fli{iziraFlv*1VfJgm~ZJ?T&$|5J%priEcpLl|iFxub~dZrciz5KU+ zBF+sYI_z|0T^bJhnmPZ zfw)`Z;BgF>zd`ss6COYzEqrGFY$2vlxYa|afG$_M%OtdnsVerNkI z%d`E3lqutZ4Dc^bpLrH~>gB!8_=a~Lq78K?it z4Q~_dud3=9{lsuTP{e0=@b9ge`xo{GLZ|b9;UG!cC3J@1MY<8f|C@4)ij)sPQ12R$ z`Eayzopj$%hs{QauzL<84a!HK3Fmn{A+{gheo!IS077Q+S|H{66bkK;5y!lXIvSMH z-c5_c(*mn-o9JO>CjIjF8g_MhKoNL!+@he}(mU6lsVNUIP1wwPjtCml-JNkdjd1&v z48pE?M9?HC%f&F?N8Ee@_ol?^9CofSY@0`3lWm}bFeu{5uND}t_B|zCHMJk;sli15 z*b#2KGr*haYH}_1H+--@SG8t6GYn)J_6+z-tqvau@?3AvgSmCZ3s7JVDcG&l1?O3CG5;<0D8s2!HjXv@}rb6@_t&x_jNRvpL zA0&lU!|Dg=i__cL;W5pzWyAgQM!AzEp>>&Ge1>@|He;Une5zC5Egj}{Vw?y(<4Xir zOX&F+TI_|T2RJ-cogG>1N!$cKoCbC-zvg^tF_HrGNb#TMiHSPiy7=@c(UU!hg9S68?47cVQAv~n9cyTWR8 zQ_`^`G^kSL(Uo;fDCXUkaD*FM*cG9J>V^653ONM6jQPEJb>~X_!HVWKDWWn1&3MK| zaH4Bn4Whv>1=cLl?`ai#3cS8UG literal 0 HcmV?d00001 diff --git a/docs/manual/cluster-admin/imgs/aad/openssl_result.png b/docs/manual/cluster-admin/imgs/aad/openssl_result.png index 24903b772cc1f71f24a11bf9d3b0c05140c9285d..74092a6e73f983af37106304e69db05972d96aac 100644 GIT binary patch literal 13813 zcmcJ$cUV*Fx2PLP2rWqONYe!8Sw#EzEX_o={MJm_ekYp_0gS)vH;Pd_P9oUfEo^68>W zZu_I?hhY{%`>-#o7T>c|Eno})a!vrbHov6Z-B`Z$3sQ`#V2RWN^5~1F!~2NCht#3` zRD{KE`&LDb$GhBW3?MaG4kidyC_fJsH8}i+r&p=BRl|G9FWi;0eH3cGEZR_hs!%un ziyRDZzR!o91Mzbld@@>Dtn0EO`j-qTRCsD{@Kb3;fPl^68AbLcK2My4!cnyr?$QaA zM#F3Dl{K^deB7Py*Hdc;l|jv6$o=x*KxH$F_g&t%J0?D?Ej+Y{=k0GjU90rxq6C`k z3$4vO=P?sod=epwy;1HUg}!&~*RO!>ir(4o8n#*m`d0E7N7i{P@gn5Dz?K^X@6dS?($Bo!NlqEQ;qiF%0WJcsR3!5 zip0Tr&v~w2gYymqxuyoAd_`uSLetJ#`a>cgDm6j6?m z(ZXBqHB1o5%}_Grr$Sg0ssb*tbJ}}3GwbQkch17UJ|)&os7^`Qe4ffaDZ7T?dfH@o2>8i3Wze)vt4+*_Wf;<^Xq^R?c@(JjrG1lnok7*2YIvD5*^+K| zTYYi`#?P?uvD&(o)4J*$MLcUo9fw3d9Wbc#wN9(~(~ReDs?W9j+@@SY&!_l+n$8)| zW^#Nds1tI_={AcrQ14wTC1;N<4WZK!GC-9*>tn;-l|D*yNhFFE?2RFCK_vuxc_N{eiHu6zqtu&(11x1+X^I#X>NggsWA+NqtM)2^X znP*x*@@RcD2N-SJN~}FOsSFf$$@St8Ej{l34NNhZdH3GPF{q4S z_(IXLUu^rqm6@E$ot`D!rZ`AR)BMUSY*?q+npR^yN*JdSJ+j|`H~rO~q~prfA6vFR zt8!U|sJm5hr~=q2s_p8vU#KeyBJG$*Bd$=x>o4TZg!in~r(9sJpVRB`FtXGxKCR*u zPUN2aRDA%-GUMbMO)!hH{)8HL(DoXlsI>7g>1gkZN_w|r z>R(64WIf>4Mhic>EaSu`yDML%-+dsBYRnGpjv~sBu=)ip*&An8vEB|p^mnh`+YY*w z+i(NloiKdxxx0V)6hK3sRk+CeLhWo@!NJw<&$jEmX&)js)_g*A*{z2n-9z8CWe1UV zly<10GpnN`pM5&Bvz)s*99RAxHvN7@0c?`}p^&^OWi#5(sk@EwjT%LH>aizARi9xY zT%+`BDh-PkD<)*r*xf}_IV#A=ryb!S456Bq3_RB<*1KpR9QqR76m*p42fBONxwB$y z(QW?P^BcFFrj!Fd8l{$;q)LleN?Q1v7epQjVVZPpEo7zHI3U&7ZJ1MdW9GFu2BhuH zkFl(2aN_swzGKc7^-yFi>^23wILKm5Rv*>S;<)dK#Dp|367Cbsp^1#)`P53jOt21d z)Ejz=wmS{ZD_V;e=)kkrKw~s(W8|UUi0TS|fg$n>&N2ULOfUgvzSmrZlnkQ=JCv~> zHAO8fz;Xsp$u27I3SdH@SvSBy@6bl0sttA%s2;5BKKJ(f;O};jio>faXSaFeIq+9Y zS2(VoKcGM&(=8TjP^=WHe(k#qMWHb+7gFN_j_+ozt6N*n4)}1Ff)A1d@O8u4s0%x= zyoZkZNHRB9ZOZm0F$-ymq+a1_Q$H^8CY~$NDTMCnG$Ii7M~2E$csH zaVJ`tMgf!+>=g;FZ!h~IL`Jf{5yeu5`NK_$*>>Vu;7miw zJ=yDQoRDc_3Vw@TkZ<|jZU#mv;oIAVj8$H=gjm~&Cmv3Oo^qzQz>d~r;{Yx66oEGz zYl*Xl8TKonA7X`TPA|qb+`NhjX^#ok6S=A2o=A>MQ-@#D*LK8!4!6DIazZX|92Kgh z-Vd5DacVTZ-^~-;;;WRpgDw8(Az)4|td$8A1UxV2~O^cnVq^ zngC=W)YRI_Ckv4vP&WYtBmp8N=@z+mzK^tpfz(F${=vh(r_^VEwiom7gPNY*W+wfz zKr57tbVlIjNGNhW>$u8lG@I#{Iq6)@*Zv?RuNf4ui@blrv@;x0^Yr=O=h(i02_YSV zOoXe~(Fy+j`uHE>oQ5;}eZ7T0rxw5fT*LnU6sq!1n|!%JtJ9O@5^MLyT}#btthUZ? zt)NLXOZTrM0DYKqtN3e2s2dDos%Gud&At+RPx%3ursT|rDvNO9*05*gRBon5D5aY0 zWm2bw=5&?5)Eb#x6>uJ0d;Zx^F{Rd}@qHI-HgUvMKS*-m8BGG!RO3~zn$g$!7)M&w!S8wm2YZ&+SIM_#4m4=GXW<(+UnVaW0kMfNp!0x3tGREt$a?1gvZln%f6Z+4bGS?O5Wrwo@LlZs{gR2x`g-cny1yOxd9gzH$Z zrgJhvuHk=N*MjEgl+co<&YFodm^Z@&8OcMsj>f1ZslmM5F|=T5c3rNP!OZj7n?@n5 zVAf4j3QP%hYw&^nI=u1y+EMHXIuz41r1G z-p7VWxw}5TUy@u>KI}QOpwEo%7qg2##o?0606MjCv|KY{3SpImMJ-@o8fLRjboIt zVYueL=*oLd91g>rr5{mhWgCm5kd?p6 zyf94?zKy{42=QTN3cG(`TXjFrN7rZ43#Kq-H|E$u2y+u#mEnLk88Zc%BNmJozJgYS zCL}n@{Jv0+=oM@#EeIB)Ba^G~8jg@rGn*Rb(UT#!Ii)|7hs%WuhyGLtlqsxMQCBGJ6PbD69!fFMUn zkvb1@L1p2fZ^=zm8P+?8cz}BrmB8b9S(|y|J5E`Ui{yGSrEk2mCET1Cu+$RkuP}i4 zafiPq6Jq!!k6dn`>e)JmW4^s@^DkSwg)e1)*nn$ZC}H0kjn`R7bKF8uy=#2>U`Ebm zAS{bsJzz(Qi73=Gc=%H)?6XYMko<%MrGen;<|f&DH|KvSTz~4j=5oj8Y`{n`4F{th9{n2;Po};=cp#*B$_c}LT!b6#={^p%-#$D**%X`?Km>{ zhDbN08d9n`mrgx?`fXowtu=P`3ZqOeN1lu;02pBinX%)Ww~pvH?P<({sSbBX{ly~3 z^?6<`hWkR!-gyYeOj5}&{av^^;LAg^ODyG9g^Z6#;7xjricrY?Z^SK<7VThau_g=xKch123FU3q0Gog&DYO-nSv2g6{zrj1i#{L;B zr(>AcZ1~*dfn()*iV}xx>XClatpo)Yg3hFy?y`SPA?1S8T@2gOsLNb-%Ff6jBPGx( zf?SYMCN?D3PRLb4yG-yI{pDx<)QpyZ+>ND?Ue^08$^mrXe_&g8ffnhku`G%!g&9l= z4bHwKVN`d66M<>6`Ub&e;!P=gq?0SIkY(BI3UR_WPKBU|BGU7F>aphQc7h!S*>O#95$FPS^1&6uGtAmydnq|K7EJ zIGV7!U2&umf*A%mW5QhfJ@DL7Rp&To<*Azm!^o;+*q!4xs*(y)U(KX2irPjzPFLCf zObQdq5@GyI;o6rS%+^-=+TEY*X3{jc9Ar@}%Iu$emOpL`LaL@ngM~PHWNaFrWYdDL zkiQHd4*?mF>(=BCZsq34b|k}3L=I)|DpKg;yPsmHBN)*a>8ix(jtcSwf7OMxS~*Sq z!SU4p!tv?<;5Z#w!(Z>6BB6SrWCD*~U_w~W`z*5&XEmM4!%$->)M@NjcK-$C@<__P zN!t8}6LM1N%rTXFRL}8H91CgjW4B}L_<3jpBoFX|K`(_NEN&1_wPw=;7=WTFjKIcx z*~KuYd2X^^S6hgX0TodH_DZUAF2M%H;2^6K8;9%HJAgBqPj{pN(VKCoZ&Mu2F#L6KYRQ;R-1D zaVVMIp8wD7$T!(k3(sLW-w?Na&$AQm4GSpT#BYvX&FbGK(cL?-s~j6iKGn6lCfBgh z3&!QwWk~VD3+3{BPKm4#fwi~)!tLHaxLxi$;R6Nmcm{D>w{st4og%Nt5iF4WR>z_( z@fsAsd#&%7tJ(N_XLZpC_EllsD%&{6NHq+=a0Q_~nM4-pcb7FjZXzN6uXUOb_}XF38=feMn-R9gEFjWT7jOyPE%g@90|M!Q@c{Lu5bE1vL zqEre0b+P7`HGw@y00?O1{p2L0>af$Qd(c19`y4gzv+d({FpQo(u$KRO$p3@U{XjCh z6V8*S8askXD-_GFDpl`&3Yslo-c#5uYjAI_L^m~3RzL^}CC%tCIP&ei?DLuuv-pO8R zmgE7Js#KMfGJ%$THh4Yj@z+_iMvS1-LKaG#!o^?5zrY01p>GxCtX%llIm#dWMzpw( zPXT2$#>ws7`m4H&`-ywjS;ir2gPgX%`IMuainMcayDPh^Mc2z{694uW&cij*C?trb zwyrx{B~o2T)Foxmb>uO=tr8fasUOQIknwIXuX}U4s_dzaxNwd;PEIn^(~<7l|3U8R z_nJI2Mo#U<6kd0YP^yB9O|nHaEL|%(@qm8-mfLZs&{nG}1k|erm+c2HUE{NRjQ%`$ zs1jlh4Z#asMHe5BVo%g$Z|(6w%qbJTD#*`_G#<&eEt}V?5Ud@EvDQCeIq0As%B*|e zuaB(X;K?Qti2K@GsQ_ZGxH0>(x9$3Q#~`ycxw5YIq1SIbbANe38FcIZ7P|tLa_G=E z?2!Bl>m1jbE72)2@%__}kC$co7U@-uC%wi?NnZEYKVH{8zwzNcrwP-M(TS|cqDQYKjt>K%QPbIUPn8%9^#H{9%qck`=3%aQ2<5ya?hu@56^Z7uhTb|m*HSd z05hEp_mfn!)Ct_0??7?Z=5 z^1dmE3Q|(_SsMDzgERy6k6ua&Fqx5@HI{5vkummrhkI)W1@yWB_+y!%Vnrq4Y4b-l z9^vXbBQQ|b>JM19ZJ9bc#KyXwm0Qs2z4>XF#w95}EB zO~*tqM)W9iws=nPh1**DlEk+LNVMp_nV=f~j(mK8u$u^&}lHMlZ=s49dZHsC`yM~DUu2+k7k z+UQ#5e_>>ej?#~$S4tF1RtC_V75moc^2!v~&KetIHLc!7dYh^jIg*(M{ekHWi6EeA zeou37=0Y?zn!39o40$&(DJp1PA%5OPF?FXvsw>JulK6HD-+j>_{S=sk0hnK1I6mH` zuOKj271_S|6D+)E%K9-B9b`&9d1i2#Z@QO-d|ya-dtaBYQpHxa{Hg}jaNa2aR1kzR=x;v3HrW90!*(%95y48KErpd@(m! zlAhXB;o_gY<|d0a;$pGFFVD%{DU(c8uElaAE+#}kh__C-gGs&p!I z3M&@YKCh28Xv(MSB4df~RyHU;1*&Fy|2S3WhYn=#5PODQ zn{DkI$HPCg#-)qJp-%XC=Uc3FaS+v*?&dv!b{JX4aa>L}1yIg9g&KTx29X>^zacVp8vzX>K2;ZSq@5Tp<@{^m zQ;w^jdt`&&VYp33k5kvUeFEH2h_R@m>-q5QWZvYTxedFP!oPlN<|u=Moy&+I$gc1Q zVR(O&zAWpR#dSRZm|Zwtd*>+hRQ7RehiUHULih1mYsD^de2uF5uLU#?ZjiwoV(N{0 zpBSVz{2*C9*Vf=cWp;=i=;A&IK%E6j@wi<)uc0ROQgZz0&X)T-Uz(KmY(GuL3(h)e z?7@~%`Vk82f}u!1`+5aFyGkU1iqUasFf`@jwg6P{M^ zqD8o0?*@U*Dy0a)egZ}Ye=yf=36{g`3;Sbq%VK^TU8&zjSGq1_c>h^W(AV3|_v)%h z>&D$;3j?4Dq1+c2x;K%-0Z{9!=cmH8<24Ojn1o62ct?Ecp=!A?)wK-1_V&h{+rR0t zuKIbKpkI+Jd&abP-eb%!lC>R>`4*$x%@YoJvN%-7x+lw9EqsG|M7o!wwAwNh{cgPC zy(=&jDSfIDm~(gRDCuC}s`9fV{EyFO06a~q5N&CSdF{WDGKW3O z7rL8Om37Ouqdub1^yfvTHt4R{uALwCUk?c64G7}?$?f{hJLhHqC72Q4?xIVgci-Mp z>bCdH7sWPEmj>R4i z`{QSme?DK3?VY%cUU=+Cyw)d-zJ>=4Chqm-Ien%(9&@P#be1?&jVU~xlrb~EqeY54 z0a$Y!*~is&5D2eNpjc-whYvZgx9`ji+x-!>{Hd%ARwNluoCRY^0( zBUm+#XDp#{2#S>4<>DKhQZ!zA!Tdkm{V{;)cA&7$gPE>Zcd9MRvZ0gl*9*>rDS)b| zQ-PK&2)_jsLjlq_-h`WeV$=^+qBwJ|>beYPY4}w}h<-aodb6$SZ=Xs^9gq_Clvx+2 zjcEKX^Z$*GZqPF`Ywdc`td?f{b$F8czYYxu0|5`h0zPKCdHg>1EOmdzpmG0^wj@mp zn(6uf^r3a{nPGjso`=ZzKG}FBI3D~D!k$rOnU%)je5XF@vz3P5-?afz2MRRHM?SKi z$yROK+}w$Z<{LjlNqHn|^&bPDixn!bv!5DImdK`K!-`h+V#drjed^zU2$nl;uuGZugP%~SGkPKC58QNykE)>}|z#cAt z-szQs*SCdo3@}+3l^~H_{&}vWlvD(fM(DJKfGgZA-Y(tjm<^~bXqL4Lv@km%%hiWp zxJk=yp=?ruJZv*z5fw8!R$u*Z*m;x)%b_6^E0Agk!U3?)4c_W{p-61|-Q}2IXBqb8 zRF!jNMck1`z8Q-iwr#D+Yniq6@)r(e`A2&45MD#)%`AKwRZ55)5a%wVH{IhVxeoH= z?)}t+On+0HthEIL&T{ohdaNO>0J*BE)B{fz067d3Ra7DuZfkuTJ zGB_@%%jy*0$i`z_t$(&Y)K|qfSX+V?`?wr-3NP}bN)M+&RRS1qL5X_pVz3W&Ey8=xA9)O0Kk0E){`%e7zIYoU@_P6S zh9drPhUTFuE^PjevUZ@nf+h=kZPopv&sqFV_1fUlIswStFiMw>6>W z6n)vfQsp~@U+0j0eT1GK6S}Zk(-y9i<D`s5r3y9mqq7b(U2 z2&zY?{hJ|c9!cNW69)H)YnGrN40Enxd|1B$%CAeCq^G+`pS8Kvu>0-PU;Dudd;~f$ zr0g|_Z$0}EyKfnCvDj7GRoHOCPX5VVmkoQ#-}sO!!13Ohj|Bm}xkQ`2K`!HO$&Q+ z=1yjrHLnt8GCioRv+jYRgKD$Kk8=u`7Q`c#?b#=mP9ywgg3 zc6#%bmI!%DDvIaJvD=}wd5xq<0VN6A9_s#N>dHaCz+;g)O5{@KfgA*Xvb|iszld73 zsxbIP?K$DPX#3xQxGgT=-TMDq93Izp5esPczO5OgyTAq8j%%=N-a~Ai+*YtojHda~ zADwOp=}ngjX%=A75IL8ps55F5^1Hs_@s;anwr#ka$@dSFB1gw+sv>f|H&T|z!$U4| z04_(6?X4``zXSXqaQNzf;V`Oom+q3)`gcDILM#pV(<99w%w4PCCoMa}3=UAhKEII= zu0b{6^zqS0M`zxw6EN^TbJ1rn8$O}AHL&sV1c;B4_Ny~dHm&0~^ZyT=ObJ*oN^yTS zA}msMvuPXCGCTv+dR%&&)w`klh@%DoF4W2bC>S+Hp=qig@G=L$-tqbt$yj^ zuV%o#%^z`*B$Tc|^b^F_zto>T%}#C&uA;sl%`NkQ%ZzZk&_TRT-bMk$gLGn42(YtQ zRe)6AP&VJ{UKxbV3q`&yS-%&q&Ydt03qdf2?xKpBt%A9&ITy6B6Lyb;2JLKO+jKN9 zo@*d37(5Gpag|lp&lm)}sjJzHWRe*9;3nW-AkFOKI z7nt=_)p4lZVN}Tl;Br?d5(Y4bjR9LY=Z9jtJ;QbN6hHRYd=N%5He+s^i{s}y_oS1lQ& zP8=XT=Z+YT@GGvwqF+xZKMh|BsIPW6TY4Lqy?w&kqC9^k+;$X)I4*y_Rik`u;Bbic zC!Pp+>~MN>-^54XpSSLG?g#-HX`Ck*q*8!^E?eN=Y#&a=b2VxIe`k9t^nbCv0;B#2 z78$>r&X)l9O1tz&4C}^<82XWMmTLEYlRc}~=%U^`w?PTgP(qjtHzMw4E1#5RtiD-Be4tzx>ZH3qltA#V!6@|o%3vndZZ@~Aqx`cOU zT1uDa+guB}9IR%qlQpkuc~}}>W6pIriEXRy+TNT*=ss|RoSf=ZWy3Giq>q;E$20T=ff#w)1dip&mTn7>d% z&`)f62NP0bkA?U-S5RwT*zIO0j6{!TH~XI?(ewy-m{9OF46Y?UW;z_04#Ks{-Z0 zInmL^y0F1%Qk4p#X^|mC%&LwEGmgR4A0|Io+x>ZZknC@}6@1Uta!Z}Fin%TH{FbM( z--L-pns?Necc=_sc*sG>){JEGIa}JG5cy}p;h`UgP3Ybs=_>3?Q)so@tUQ!?=qHl$ zK+fsfrazsIP`nC_Cwq;04<>fEhA|l`fA>8Neg?9SlEWt5 zE>({MgM5pDoEtIkkVV!yV-a zxV`)So92@lEd>4H{dza-*|d!Z`gR}XOc6u(FEkr8dOunw>h+y>Hwz{toWA#Qv+~=O z^rZLSUv@1}W?7{?;4W)=bX@ z&L?kd^HeqUpzq20*P#F$etTqPTze=X5U>p7fA+3nj+g{J;_3ncxg?LS-PO@`nL(d-|0Bm;1{$9R+*B9ZG7L)(K@+;OX01zixtFkiW;_vjNH36Vcs)d5p)& zEpIYk5Au0W@}$tvD-L{uUtz22TnF5XyAJMP(ZU{~4H*=cd)L)MI@Z1d8$ACrJT0Hu zR!s94vs|{B`QTDxH9_NK6U$c+6uP<4`qvN{T=8DYa{1>$uTbTxpaX+lZcZRBxDcqx z!S_Qr;5%4b)+O}Q^&TuNeeb@{d5x)Il?c(@jYiaV%<_toh{>=hl?(OA-oke0uy=;N z-}wqJzrf}yb}zC}xdgWUI&r4mzo@~-QW{qLj8p70T#?(t-a1gg@J%0ajh?9Ca(FS{ zKryby-4)Z6XxXA##XwefHReJEy~lL@1!etCaF15}G|@=MoOmUSOl34ONx`C*M@FFP zIjZI??II?@0jO9Sa|Sl9(!R?O?|HJ`<3-U zGixh|BeZ_g>l@AERgEtT1=+;d+t{K^#!W6Yp4bTor0n38->IfI$xs^W@! z&t9vyv`fDm@o7y;Jbd@y9X{=grI-cOaM_Cfsfj=06{5xUC=}#6b6r0thxqR@vbIa#vf<`0K9n zB;Jfrv=7T!H)2d~EIdoos73uu2Qd74tW2@#*Tk2?5E+v6&|K&*A4^aN^65cmJ}}o| z77oy+RFISx%sFuqwgIg6R7t_)+z%~v;{Y8Ao%xSEF`5(Lr3?1A*Je%+6j>as#3+f2 z&QC(>Do&0<{9(9#vOQnk?-~gLh9=siD#=$JxvlWfd21C2+1CEiKLeblH~KM^2hUi$h#`mZsbV1_%L&X*c$OqK^4c zeBXEJS?VMMkf21up zO*@Bd%-@;teNF+1SXfh_2YADPk342QUQDDXp z?baQ)?{@-rD2R7^-ehsZ3&W2>o7`pDlZ}B#qvt)%ymVC)Z3``xlzIu>gY~1&sLXoB zPH^f2`^=ATe9Sy;+WI#JgV#5vVNvqj7OlJ%GLWJ+vu#>P;jR*Pe z*RGH7nRA5_^~fsNgSu%Op6ud^@%5*FnmYaXJnofQ$Q4*$TQs}tjxUdpwgexAv-K7) zEe*B5SP9>emar&|{?ggH*ihV15$6u^oRxdlOp2!DeLiYVQ2J)@t^ijk5H(Mot1{N} zpNet!x#`a0M%Y5|a#n5=YVr()$xR;kJ@OoL?G|_5LfeyR$&nD(1C>hAL(5w&TZDMB zd=HNh@j2v`nx`})?u+@3wlf_IO~m$K%&~7>fijGCmyb4s{)b+InpKZyF2XGXNMIq7 zW-^PCSojF&rmu)Kto9(&U5tMnMF1r9+mbSqq5O7-ji>9UzSU2yd1|;3;9N*yS zsH&H4%@uo_MR5b+Oz)i`d5urKpK#Wty!nMAFdT5e*CgL^>cBqy`eiYDQ>7$N*mke2 zYEcGHJ~5i?%LscKSQ%3j8M5~Mbr&P)8CVRb{O9r^O34X#mqpX~`plNNf&aNWc;3Tr zN$PLE_emQHl_Yh5ZlX)Mp?6;oDmBgQ!-Ls6TJ>lpw!tzS1Hl0RA|=11i3tGi>6l?q2{ZF_ zl$y2;Y#5OdOW0G3HqT@fEA5uhTD5`<6%F|0%l959PN`d&sd4rA#F9H!AT~I zXEm3JH$stq-zEL$lmU?{X7!y?GpHleB)Y34ffhqsH21iUw5h$E`C=U7`@ zS@$$YC0^BRL%=?UI6uY~k5#^7b80hN-i1_l3ko~LHj!4n|Je|?;RSvG;k%@$$@rAd ZZ_tM7&H>>q>0h+~Iydw+OVnYZ{|imei2(or literal 8685 zcma)?2T&7V-|s=`z4t0ANUug|5v58K>AeZ4AOR@~goIwCsYovYK~Q=T0TDv)5Q>1* z5Q-py&|4tk2LI3VyzhPQy)*aBWV1WjGjlfQ?0!DqUlRMsK#P`&i;9Sdh*n2i{V@^I z6&1q1It3YF`&=kOknl$A^H}RXQN=LNAHo5No0`5F5m9v#^|>P{;h54(+tP=Kh_3ze zMa(MlFocLmFib~X&E&P+Ru0I6r^l}qX7aU&R{AB?7g-yDmvq8ZEH+bDUQUHw*((;H z*pCR4-HWsjEDHUg8vb135$VS~5|4ax?RyNF20AfpW1>!>*cKgZUco&E1*V^x_dfbP zZ+KZQlvo{Z;Wsp66k+B2&Q(e7?8wvK-{0-nf7>$&3|xHIq@)CT_1o2LVRLwJ_9_t@ zbC>`{7z2x#wbyfJmOVN2>j(jVvY=g{8UsnSZhCrp$k33!Ab3`zf~Gji+%cDi&x!m# zD3Bsdz@PEcV@gT8A2C5hv$L~1i{bQ3d}^B>z3YM$VZUxDAO1AnnQ^ad>!1h5Yk3@P zqV$Q?Ho@!rY-$XhbS_}94Y<8VT(@^`ucl{Fu)QOpd&(Ya`$Iw~kR4wX9YJVM$SLJK z%amSWq^*T{2Jh5ZI9E)tnx=aT9NZ1edBF+saB{lO4NPbs_r1Ue{|MsFjoM#B0LIn} zqt|e{Qq4cL0ZGT<{O7F&$%SGcRkX)k`%SF`ayJY&)LYsFG-DO1^BUs$@YW;0=ifuIH*8f;vOCP&&s zBPwb^w~O-!1K5j9K7wA6y1#{)zA;1-i`T$g%B2&Gd{kTr)A3{ryN*s7bk@sY-~?4zW|tGFWp zo#F^~J=s9*Yq9eVx49pB+`Gzk;mD1TWB0%O<8tXiI% zCN3jq6W_03oO8aTjH;8Z9z4glB0K|en?Any(+}BKkJ*B6r7VEDm)iS;{!&-ifww&VBN46v49!{UqCYNP5pEB!zIFOc^Q1Q1kP0(zT98betKR`#qV@LBLnKItH zOB&_)S~tWJXWwpPQYfqV(JYVWpqEhbvjf7$b?6X);8iq9j?dd+iXIxG_b!daa6y=C zpkzOjo?ZtmDb|#3XhUV_o(zA`ba3_sZX!VgCu53p6}8J(H-#T@47%pE>`G!H3-+-x zc|DG#e6DhF(r^CE07<30t!Sg2T-c(_i)H2us?sw^&7L_uWrm+KV%vC-Nnernpjwg% z(^JmAwqG$9wePsOLkBmM3*Dzv9MdICxZ&sn(OEYI|7$B`0#{2PMN(DuFQnGV4t#nW zbK=(^u{!nL_SWgT$bCnSJV`BzYc+TtnkVgOIQUf7v+)la-60``z^~2{RsIMKx{Ux{ zD0?DL# z7n%M&;lReXx>Ippl!$2~LCsakWG8Lc+vf~RvNUknCiI5I0s&3tyOVw zuvVFubKj%{drrx3Z#c7Ed2Gprq&Kb#Nx)ud{Rx3h_{4b?b?SvY7uvV`b2LnRimfk!2V(U>ZgyU=X9nzwg;~C&ony#;MpJJVI|AwC)I$Kb8)Y~gXNQI6p9H#ma99cDwFB>JC^NCT4$|a?aAy?@_O1{& zkVMw0RIN4Z9!csVm5$7;8w2){-lZB#lS%3VK{>gPuJenb>!%Ihhlai+mK8IWw&xG6 zt`>h{R=O$U-)d*Tbx5tZySxDsGQgiqR2O+MUu!wA`pJmoE4@#c?I}iHqG|n*7oER& zNjY74a=4vx7mLF;?z3Z1$U1;h$dEryGXyE)8j)uxc71Y+`b%@%8q{RbHl^_??p;T8ua$C zJaKpu;m1%}S!-vK^P={-)Y5Bi=uA0$s(Qcpt3ZNrZ%Y2$(^%>Acprhh-SPHiF=z2~ zeBB6){Bj}_KeI&V3kbuKW{r?6i?c@a!YG@@Ie8n41&PnF)+@JKH_bjVB7I&UaMN(m zTGfEo{yr}hb%ShPUBv$7sfj9M&3Q?~!iED@89VKb|Mp8Rw>J+q>Kz`voAt$L?j=W9 zqj0)W8!e?W6Ul{#-_hoDs%qt*-9~)#xK}#7?cGXa6A?E*Z?p<%zaE&jIAiO|qVfh- z=fLDj=jwRM3|<~@1qN4w<2WB*u;6`QgVabTz;Z|RMF4C4ov1yOH8d&$DkHe86X)hz zE410RpCcpS%6&&p((CITcb~6oSRKIOD_a{m^GDZ)b5Vcxlj7vGvb~0SgN^YdXn-zZ zmW#XO9&{+3>8vDe$I}KyB{KszYF&UZ{FHy%wnC}RJm%#2UEg9@ z>}?p%6{O>+h*PZvwNJX}w8dWuD(9Y8R0Q*K(}LN|23}V%dj)IE)z&veSQhtaK`*io z(GvbYG{Ri_b~8XjXz~<#ADn9me`AC1$fkr~kXJatSbh;#ePgX(Vq8hm^|Q((dA4_v zV#2p^vX=&@0iI1Gypq=CSAyaQC&s9w!{5H52jc!15*`Qqo%+7?vX}Z2qkSFV>9)3) z09r4`K)2lOJ0w1Gza4$RK%&M#>9e<@GxzcVDDXRV!k8f~ccD{b%C`tx)zCbcfr!DY!@7 zn;+frLHeBa*ZYy>+*7FC6#U)N)JiK;mmIzpPs8z2#pCauLC&B~YNn!E=BJhVW0a$O zEKX98!tWLJV%qapMMX0ySl#}o2sEE$OCt47m&f=8k-R!*xWkHcuIY7@5lo`qEBO7W zvlV!Ra;+yDX{Z8BO&-B8ifJ9SPo^~=8_f3wa7Scqrah;C_7^)M@_ZETFS{zhCl zj<{hYi7(VB=&`eT%PoiLqHKI;T>BfFwMNHVqNDlNQZW?sy@q5GR^g^)KdFDX=E=Ie zCQ*sT`Zd_DwVeGj%#%(}z=(eQ7wTv1iulI6f(;U@%{uZeG9pnE&-9K(#9dwMDi?8k zTI=LKVBqDQpRnUsM`ikX9T=M4-X(jyCzl#to!As$^dqm-Q)9_N4^EsQRqfaGcyF|= z*~v$WMUYoheUd-n4y>LpXj5kH4T@V#6agUxeEjc(CP!tJlGS5Ss>?%&=S1{8hYeZU zVr_?RjH0!i79Tdcp6CBz({wHV2KAQaQc;{boOAa650me5?CkC{s{;;>Re!uM?^yb< zlI9jn=E_CN)xlj+H|6MRx6NP#1EQAEgztTegry+gF3crul!2#3zJXo_ly?Y@wJ8Z zIpa<9M;`Msmce$yIpxBI7rSr1lH}^VA>tKXxSd}xx;49#*qq`Se<&mdD2QtnZPmo3 zl^oq#-Si8*|1K~f5q8A(wmDmV<6pzfKHn8vyBw#gyS(%kEhT#Q?$+@XI_7}f zfr_0s#xx!D;hEWFF!75%Y>I?YWVRX&sKBN!w_Cmcn3 zrvbOGWQ>5gsHB@FcpfaqqDMg&Ejb+@fH!~cSw_fxqA4@09_Z?~>YAwSJ_tCN1^xW7 z97}^WRzLl;|4lIT%qkVn3V2UeoKrdlf5k<&54iJQ`4zjva=~)d+6(;A8k0@aK>SCo z-C8!i_Q5uBacCF_%yqI3Vuqb}AeU3a^T8(*u-rW@bq%HV3|%87p*A*|+13niL04yW ze$EAboGrV{LG#;~TKU)5^W~*MM&Y?v{vV+K23EaBAJ7~&5r}tH^=~492OdEE2l0J5?Guz#NLMTZ&jJP-Y1V|Tf zv)?a!+Hzsp&Kt3?6z1J%cM~JM%3})sa0|^iW_QsKTT0dUI;E&U&aE24Z6dzl=eh{7 z^FE=C6}-P*g1LhxI?cB$m}N>OtBBPb8N{6zW=#3QmSdl(z~uh{txb+ zW)%L2OnZ3aHSTb#V~9g2hQlj4^>3Vx)_$Mv3sVkYs<(>fRBmA1#D6p%qw}2_eZ#R{ z$)ByqWWTOYPe}cvvQta1wY4q{a&9Bh-zkPaObIcwHgZ)DY`{dsfbWA}qq{j)8fX`Z>|Yt3G0- zW|^exE8SY;Qf_#iuT-W~h~lH*-VzgdPp7klPJX)yuAVx6TG1AY4wj#MGa3yzzM)fi z9?%^1$~t}2p>dMl=}&ykaGHhCr+2WDDgRv9p5lYi=I`X_w8Ac=u+Ed_SD3lB0;XAb zcf!isN=^}+kC}vhT}i*93V1%Z$lMR(H-FT<5W{}mX!1{N2pAfAA67pj8VU;h72X#p z;9{Os^!RI#$oItL^_=x9;PpfZ%^dO0!QDT5M`YnaSRP}1!$JL9@5@B%!cf!h9$Jgv zRpwm#X)npk{8I9_*|QCY8)?nT;S zP@Er!r?||J?ay91zEi62b9HH%O%O3m=0P$07I%gjPt?tJhQZ)d($6p0T5+K-m<%wp zA?B*SW)3YRt4X&V4qoN3X41|nC2;>~4L}#0dE*aZw)Ni;#~|}p+}#LkyQu@TSJp)3 z0(rJ+SJ}LH|9t`} z#Nh+E>)s8uSs)sp{flq{;L!5>tk(-f`-QLlhja-X(-aB}mQcl!;F*n^527ntW1D*N zcVzgy7+Mx2P&EGUWKK!^Xmq0fMpTBgo+S0)u9~_=CtG474()V`lKQ!Y$ zBn`RMcMF5{v-mR5QfwiWbQabBqzzIs7IIF|L2yk%i<8NOZWYh;=l1${2Ff=sviVLX z&4^1L7Ch-dQdFbQ6x(ShVYgS>x^0W0bQPOT#E2jKEBAewO2B#uMsUYCfGBC!T1D+B z-g&1N#CrEP7KFpT83?V~QCWNWt2t;IeGqZ&@I7+AmBu9lLBqJ1Az}ArpqU+9m!*lj zVtn3!osH=$^|Ps*`VZY|qHl^5mQrqyWES<{W;OTWtq{^w@&wHs(=g+>GWVAF(~kI$ ztga>z{vtD!PUrZ1i^ykvRL_P!TZMV&!V~#!Tui#{rC*qeRDl!iv`El~%;&XcW2Msd zbaJj_hOG(u7#sN*-A9XbI>-)$&1^l2H>i}nw^jNgqWlgSTf~Lu7Y zaqvtXuU>g#R^-s4dd1n#)KAuf0KpnC2>lPGcL$$P9lR_ za9f~dv*d@L!mN2U|A}@()0UN(tG#^Sj-zzQ|0UJU#Q8u`4x0TYe0ya!v? z0jlY-r0FSSe5F%I3ozW7KV1`89=MG{<3=$A1Fw{1dULB%L(Xt+?H&nx2Fs)}?$3%@~7 z$+o(tL6N|poDIs9a^$sD=dp5C(`{PNEH6xDto`X*3$EyAb&|B!7ZRq93dUip(;|Lo z%sr*@I9-`mgx#~A z`#!DYEdye4%Dg3c6G(-W4%O!tR( zx>t{TJ9&$;3pVJ}Ya}aqcv-hqPCn2hKKLmc-g0)_0G{y-?Kj3n@+2~msBKDHaK~Bi zdSyS^I5>?|Iav(%BGh{4;^>Z7{WgEe%%SNZr^j7V5Jpwpf$?0NCV(e#ukC1H`t)~$ zOqkh|n}p!j=K&(DG`A5>Wq$Auv1i8LeC9_FS8fVC6!kp3@(1TJ^P)jV_ma~!57dh$ z5caD=Rd5jy8Osm8L=(49XmPrgxma%)(CogiPJ)@$RJVr0c%imq_rm& zi{-+a=#d%y?GqbI`L|DW;XVN`f1w^17uVqOyH6O_DFIM}b)5`K@Pd`;)3N}drFRS0 zDG|HRLX!SWKX&ue5by*`fQu~Ccv;-b1(^u#{X$Bzu%Tw)a=|t9<6UZ>#NB%Jasjy7 z#<$KsCEoAun-6yf4bWvHS-Fye;!oWahD0Et6!#tce{G05=X$+5uVedeD~YqkH2$G5 zfKy%)I%r?m6Q6OA)gI2NXcAt^Zx`7zp{o2|+y-vJv2z8aWfHa69s)U<95)0eSO=aj z2#~(a6UBV;*S32>KDF4^MLq8*=%9GE@bLEbHRRRN+sdg7I^;KY4|TNtTYjPatD;8S z>@C;cP>Z>h&8H2gO<}604xUA6vGT!#Q~)_7#Yk}{fv3(4pEH5G`%)J0yUJxAkR8qz zx0u8-Elmiw&sxC?Wl{c~Ly&xWcmJKh2f7#8rUT~XB{c^0_VqoAvax5$W(pw7iK~x) z2%r=#=RPk7>VcwG&SodZRskw{U&$kP$U)^cZ1gf|*}nZI8icv$Q1~K#e~gKe3X zuXOe3xmWxHe35M)zUGWMQ%S@sbYcwBS(Xt-dhEw{?{+`Tc~C7&-BCK8jxn+r9DHv7 z?(Dy4?=RoZJ}GLFKX#(rF8VdZ@bjFY;PJ8+(@Y{2zJjXVrpkl3&gEzLUZl>AAigJmQWaD23;xQUDt^OwC`aMr-jL z{M#y$miO`o`=(o9vX)gauEfW;2&dF21 z-08ClN2bCj5ujnB|M?Al^~3-`|8nVO`!aDIQ!0goELP4Ly7 zhGy0`pY2xHhMQxoy<@F`nIq^V&GR)tP`AwM?hH;LXM+puA!}N=3(6X?`gRW1Y+xwz zSn711_J=^zUDp^QI4A1V5|h)(5i{k93p=8_?je?$n@4TjK*X5yb zRM3+G*IBWzg7`FK3?MJAhG@YaU}2;+mCIL=Y`q(Ls!=H6WS zKUC#`R>422BB8t!G#Y>XvUGcsX_OxTA&Zi;iJSGV5zxb7Hcq~1K9;_$TC2Wk6!{_I z=8$I-GT6^DIHl#_Ax_Pi_9^mz5A3DR`h>zfc=D;k4ENHkvne6(Zjns72_UtD_$q48 zJzk%(oidY7HW+BVHa1(CXN>hXA2W(2EPMUaL0auow4f8=k*U?v0;JzQdof3aa86Po zW0$h)RDr(t0##R^a(Zgq`~MdiO?f!PH)0-IWSY{g|hQ%9T}oQ}MD{-6G3H2=?vbu0ed$i9)UW^83Q1@slH_T`_lb+ciG zjVBkM_!hM!zmh**9tcID?TbgBteM-?#phh0xF@a*dYW=gAugQwcg}3d@=%}p+_`sPkM=Q0nbtN)Ard%L$s7t;y~3; z|G2?FDjMFf?C$E>&|fdB)R}?H&xNgnIIfx~;nK!>kV4mwC@E0|q1v z2QACIdwjgC?nX^~m5bZqF;`{@hsanzq}tbG2Q2WXg`mZja+|wuXkt6%U;8VoK@Ku8 zeC=sTPY(;2>IL`Ygkc543$mT`xN~fwVMg=B9YY=GbnLvUmhlA%#jzg(KyU?$uzMIJ zyfWuSH@UA;?^G4vrXNh(C7Ry6eU+%nP z0T;cKZ+fTA{+~|-3W{}ijMl7&pC=ogUtuI!5`D12#Wu{v$= z{%uk@IxV_R!R+SB4^MMEMe`mmxlpSW3w1A3tRsG-`+)El4I&*41NDmg4q^WbU@e4d From e2195a88cecd786d058e53f1095761a4beac9190 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 10:26:20 +0800 Subject: [PATCH 03/13] =?UTF-8?q?fix=E5=A6=82=E4=BD=95=E8=AE=BE=E7=BD=AEHT?= =?UTF-8?q?TPS=E8=AE=BF=E9=97=AEeng?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 26b858430a..5599ec12a9 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](#How To Set Up Https). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](./basic-management-operations.md#How To Set Up Https). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` From 2839cd38c293825a7143b4249503aef89535f662 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 10:33:04 +0800 Subject: [PATCH 04/13] =?UTF-8?q?fix=E5=A6=82=E4=BD=95=E8=AE=BE=E7=BD=AEHT?= =?UTF-8?q?TPS=E8=AE=BF=E9=97=AEeng?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/manual/cluster-admin/basic-management-operations.md | 6 +++--- docs/manual/cluster-admin/how-to-manage-users-and-groups.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 5599ec12a9..6b77628a70 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](./basic-management-operations.md#How To Set Up Https). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` @@ -153,7 +153,7 @@ Another example is to restart the whole cluster: You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. -## How To Set Up Https +##
How To Set Up Https
To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate related files in the dev-box container. In the dev-box, you can find the configuration file `services-configuration.yaml`, and then you need to Enter the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration process for the two types of certificates is similar. @@ -252,7 +252,7 @@ To configure a CA certificate, you first need to apply for and export your CA ce paictl overview picture -##### 2. 设置services-configuration.yaml +##### 2. Configure services-configuration.yaml In this step, you can configure it in accordance with Step 7 in the process of `Configure a self-signed certificate`, just change the FileName field. For example: ``` diff --git a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md index 492cb3ed68..c812f5c9f2 100644 --- a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md +++ b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md @@ -25,7 +25,7 @@ In this section, we will cover how to set up the integration step by step. #### Note -Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism.To set up AAD, follow the instructions in [here](./basic-management-operations.md#How To Set Up Https) to set up HTTPS access for OpenPAI. +Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism.To set up AAD, follow the instructions in [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI. #### [Rest-server] Configuration AAD From c6325eb8953bb0b95ab637998f818e4e15a8e3f2 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 11:05:47 +0800 Subject: [PATCH 05/13] Modification --- .../basic-management-operations.md | 24 +++++++++---------- .../how-to-manage-users-and-groups.md | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 6b77628a70..e3ab772edc 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI.Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` @@ -153,14 +153,14 @@ Another example is to restart the whole cluster: You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. -##
How To Set Up Https
+##
How To Set Up HTTPS
-To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate related files in the dev-box container. In the dev-box, you can find the configuration file `services-configuration.yaml`, and then you need to Enter the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration process for the two types of certificates is similar. +To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate-related files in the dev-box container. In the dev-box container, you can find the configuration file `services-configuration.yaml`, and then you need to add the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration processes for the two types of certificates are similar. ### Configure A Self-Signed Certificate -#### 1. Enter the dev-box onctainer +#### 1. Enter the dev-box container You need to use [`paictl`](#pai-service-management-and-paictl) to enter the container in the following way: @@ -169,20 +169,20 @@ sudo docker exec -it dev-box bash ``` #### 2. Create a folder in the dev-box container -When you enter the container, you need to create a folder and generate a self-signed certificate in this folder. We can create an ssl folder in the home folder. +When you enter the container, you need to create a folder and generate a self-signed certificate in this folder. You can create an `ssl` folder in the `home` folder. ``` bash mkdir /home/ssl cd /home/ssl ``` #### 3. Generate RSA private key with openssl -The next commands you enter will use the FileName parameter multiple times. You can choose a suitable file name to replace FileName. +The next command you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. ``` bash openssl genrsa -des3 -out FileName.key 1024 ``` -In this step, password will be asked. +In this step, A password will be asked. #### 4. Generate certificate request @@ -210,7 +210,7 @@ In the current directory, you will find 4 files: #### 7. Configure services-configuration.yaml -If you are configuring for the first time, `services-configuration.yaml` may not exist in the dev-box container. You should follow the procedure below to change the configuration file and make it effective. Close the pylon service, pull the OpenPAI configuration file `services-configuration.yaml` to the local, change the configuration file, upload the configuration file, and restart the pylon service. The commands you need are: +If you are configuring PAI service for the first time, `services-configuration.yaml` may not exist in the dev-box container. You should follow the procedure below to change the configuration file and make it effective. Then, stop the pylon service, pull the OpenPAI configuration file `services-configuration.yaml` to the local, change the configuration file, upload the configuration file, and restart the pylon service. The commands you need are: ```bash ./paictl.py service stop -n pylon ./paictl.py config pull -o @@ -231,7 +231,7 @@ pylon: key_name: yyyyyy key_path: /path/to/yyyyyy ``` -In the example we just gave, the configuration file content should be: +With the example we just gave, the configuration file content should be: ``` pylon: port: 80 @@ -242,18 +242,18 @@ pylon: key_name: FileName.key key_path: /home/ssl/FileName.key ``` -Restart the pylon service, you can access OpenPAI via https. +Restart the pylon service, Restart the pylon service, and you will be able to access OpenPAI via https. #### Configure CA certificate ##### 1. Save the CA certificate in the dev-box container -To configure a CA certificate, you first need to apply for and export your CA certificate, you will eventually get a crt file and a key file, and then save these two files in the dev-box container, such as the one stored in the dev-box container /home/ssl folder. as the picture shows: +To configure a CA certificate, you first need to apply for and export it. You will eventually get a crt file and a key file. Please save these two files in the dev-box container. As shown in the following picture, the two files are saved in `/home/ssl`.
paictl overview picture
##### 2. Configure services-configuration.yaml -In this step, you can configure it in accordance with Step 7 in the process of `Configure a self-signed certificate`, just change the FileName field. For example: +In this step, you can configure the `services-configuration.yaml` in accordance with the Step 7 in the process of `Configure a self-signed certificate`. For example: ``` pylon: diff --git a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md index c812f5c9f2..033285a230 100644 --- a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md +++ b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md @@ -25,7 +25,7 @@ In this section, we will cover how to set up the integration step by step. #### Note -Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism.To set up AAD, follow the instructions in [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI. +Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. To set up AAD, please follow the instructions [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI first. #### [Rest-server] Configuration AAD From 1f510c5c83fa7a6eb4cc621698d1e06c62816ba6 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 11:11:18 +0800 Subject: [PATCH 06/13] Modification --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index e3ab772edc..cce36a6e4e 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -242,7 +242,7 @@ pylon: key_name: FileName.key key_path: /home/ssl/FileName.key ``` -Restart the pylon service, Restart the pylon service, and you will be able to access OpenPAI via https. +Restart the pylon service, and you will be able to access OpenPAI via https. #### Configure CA certificate ##### 1. Save the CA certificate in the dev-box container From fc891a71f802ffa785a08dfac216ab6c4bca55e0 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 14:07:32 +0800 Subject: [PATCH 07/13] fix link --- docs/manual/cluster-admin/basic-management-operations.md | 4 ++-- docs/manual/cluster-admin/how-to-manage-users-and-groups.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index cce36a6e4e..26cc691f0d 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` @@ -153,7 +153,7 @@ Another example is to restart the whole cluster: You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. -##
How To Set Up HTTPS
+## How To Set Up HTTPS To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate-related files in the dev-box container. In the dev-box container, you can find the configuration file `services-configuration.yaml`, and then you need to add the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration processes for the two types of certificates are similar. diff --git a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md index 033285a230..bc11d8ac06 100644 --- a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md +++ b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md @@ -25,7 +25,7 @@ In this section, we will cover how to set up the integration step by step. #### Note -Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. To set up AAD, please follow the instructions [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI first. +Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. To set up AAD, please follow the instructions [here](./basic-management-operations.md#How To Set Up HTTPS) to set up HTTPS access for OpenPAI first. #### [Rest-server] Configuration AAD From edffb93d16b70ea8c432c4eee01f3e3e7a922b28 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 14:10:20 +0800 Subject: [PATCH 08/13] fix link --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 26cc691f0d..1a542bf28b 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](##How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` From 73bb2253bfc0718cc567e5da9917f44dc95c40b0 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 14:11:12 +0800 Subject: [PATCH 09/13] fix link --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 1a542bf28b..26cc691f0d 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](##How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` From 0e3b4d4d590b656e56edf21a79ebc7622d1f7198 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Thu, 12 Nov 2020 14:19:28 +0800 Subject: [PATCH 10/13] can link --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- docs/manual/cluster-admin/how-to-manage-users-and-groups.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 26cc691f0d..5637f1ec85 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special -To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#How To Set Up HTTPS). Then, on the dev box machine, follow the steps below: +To use it, you should first set up `https` access (Using `http://` won't work) for OpenPAI. Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: **Step 1.** Save following yaml text as `admin-user.yaml` diff --git a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md index bc11d8ac06..033285a230 100644 --- a/docs/manual/cluster-admin/how-to-manage-users-and-groups.md +++ b/docs/manual/cluster-admin/how-to-manage-users-and-groups.md @@ -25,7 +25,7 @@ In this section, we will cover how to set up the integration step by step. #### Note -Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. To set up AAD, please follow the instructions [here](./basic-management-operations.md#How To Set Up HTTPS) to set up HTTPS access for OpenPAI first. +Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. To set up AAD, please follow the instructions [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI first. #### [Rest-server] Configuration AAD From 2f0e426b827184646cf1596fbd54c0310de536a4 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Fri, 13 Nov 2020 14:40:03 +0800 Subject: [PATCH 11/13] can link --- .../cluster-admin/basic-management-operations.md | 7 +++---- .../imgs/{aad => }/openssl_CA_result.png | Bin .../cluster-admin/imgs/{aad => }/openssl_result.png | Bin 3 files changed, 3 insertions(+), 4 deletions(-) rename docs/manual/cluster-admin/imgs/{aad => }/openssl_CA_result.png (100%) rename docs/manual/cluster-admin/imgs/{aad => }/openssl_result.png (100%) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index 5637f1ec85..a25181a6ad 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -176,13 +176,12 @@ mkdir /home/ssl cd /home/ssl ``` #### 3. Generate RSA private key with openssl -The next command you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. ``` bash openssl genrsa -des3 -out FileName.key 1024 ``` +In this step, a password will be asked.The following commands you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. -In this step, A password will be asked. #### 4. Generate certificate request @@ -204,7 +203,7 @@ openssl x509 -req -days 3650 -in FileName.csr -signkey FileName.key -out FileNam In the current directory, you will find 4 files:
-paictl overview picture +paictl overview picture
#### 7. Configure services-configuration.yaml @@ -249,7 +248,7 @@ Restart the pylon service, and you will be able to access OpenPAI via https. To configure a CA certificate, you first need to apply for and export it. You will eventually get a crt file and a key file. Please save these two files in the dev-box container. As shown in the following picture, the two files are saved in `/home/ssl`.
-paictl overview picture +paictl overview picture
##### 2. Configure services-configuration.yaml diff --git a/docs/manual/cluster-admin/imgs/aad/openssl_CA_result.png b/docs/manual/cluster-admin/imgs/openssl_CA_result.png similarity index 100% rename from docs/manual/cluster-admin/imgs/aad/openssl_CA_result.png rename to docs/manual/cluster-admin/imgs/openssl_CA_result.png diff --git a/docs/manual/cluster-admin/imgs/aad/openssl_result.png b/docs/manual/cluster-admin/imgs/openssl_result.png similarity index 100% rename from docs/manual/cluster-admin/imgs/aad/openssl_result.png rename to docs/manual/cluster-admin/imgs/openssl_result.png From aa4e71cbef3c19a3a8c02e52706ec9620f32e708 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Fri, 13 Nov 2020 15:19:50 +0800 Subject: [PATCH 12/13] add a space --- docs/manual/cluster-admin/basic-management-operations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/cluster-admin/basic-management-operations.md b/docs/manual/cluster-admin/basic-management-operations.md index a25181a6ad..120f2ef8bd 100644 --- a/docs/manual/cluster-admin/basic-management-operations.md +++ b/docs/manual/cluster-admin/basic-management-operations.md @@ -180,7 +180,7 @@ cd /home/ssl ``` bash openssl genrsa -des3 -out FileName.key 1024 ``` -In this step, a password will be asked.The following commands you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. +In this step, a password will be asked. The following commands you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. #### 4. Generate certificate request From 4f95dfbef9bf93a8b484a6a36dc0a0a92b5edd39 Mon Sep 17 00:00:00 2001 From: v-guowzh <285009003@qq.com> Date: Fri, 13 Nov 2020 16:17:35 +0800 Subject: [PATCH 13/13] fix links for Chinese version doc --- .../cluster-admin/basic-management-operations.md | 4 ++-- .../imgs/{aad => }/openssl_CA_result.png | Bin .../cluster-admin/imgs/{aad => }/openssl_result.png | Bin 3 files changed, 2 insertions(+), 2 deletions(-) rename docs_zh_CN/manual/cluster-admin/imgs/{aad => }/openssl_CA_result.png (100%) rename docs_zh_CN/manual/cluster-admin/imgs/{aad => }/openssl_result.png (100%) diff --git a/docs_zh_CN/manual/cluster-admin/basic-management-operations.md b/docs_zh_CN/manual/cluster-admin/basic-management-operations.md index 2486d28a59..b6ee07055c 100644 --- a/docs_zh_CN/manual/cluster-admin/basic-management-operations.md +++ b/docs_zh_CN/manual/cluster-admin/basic-management-operations.md @@ -204,7 +204,7 @@ openssl x509 -req -days 3650 -in FileName.csr -signkey FileName.key -out FileNam 在当前目录下,您将会发现有4个文件
-paictl overview picture +paictl overview picture
#### 7. 设置services-configuration.yaml @@ -250,7 +250,7 @@ pylon: 要配置CA证书,您首先需要申请并导出您的CA证书,您最终会得到一个crt文件和一个key文件,然后将这两个文件保存到dev-box容器中,比如存储到dev-box容器的/home/ssl文件夹下。如图所示:
-paictl overview picture +paictl overview picture
##### 2. 设置services-configuration.yaml diff --git a/docs_zh_CN/manual/cluster-admin/imgs/aad/openssl_CA_result.png b/docs_zh_CN/manual/cluster-admin/imgs/openssl_CA_result.png similarity index 100% rename from docs_zh_CN/manual/cluster-admin/imgs/aad/openssl_CA_result.png rename to docs_zh_CN/manual/cluster-admin/imgs/openssl_CA_result.png diff --git a/docs_zh_CN/manual/cluster-admin/imgs/aad/openssl_result.png b/docs_zh_CN/manual/cluster-admin/imgs/openssl_result.png similarity index 100% rename from docs_zh_CN/manual/cluster-admin/imgs/aad/openssl_result.png rename to docs_zh_CN/manual/cluster-admin/imgs/openssl_result.png