From 50e80a98a6e755f1000fd8d83838ffd0214c5391 Mon Sep 17 00:00:00 2001
From: Ekaterina Chernova <efedorova@mirantis.com>
Date: Tue, 2 Jun 2015 16:24:55 +0300
Subject: [PATCH] Add Active Directory app

Change-Id: Idec3a09356f5aeefd9c7734218fbc98d7bde36d5
---
 .../package/Classes/ActiveDirectory.yaml      |  68 +++++++
 .../package/Classes/Controller.yaml           |  28 +++
 .../package/Classes/DomainHost.yaml           |  46 +++++
 .../ActiveDirectory/package/Classes/Host.yaml |  75 ++++++++
 .../package/Classes/PrimaryController.yaml    |  49 +++++
 .../package/Classes/SecondaryController.yaml  |  42 ++++
 .../package/Resources/AskDnsIp.template       |  12 ++
 .../Resources/CreatePrimaryDC.template        |  16 ++
 .../Resources/CreateSecondaryDC.template      |  18 ++
 .../package/Resources/DomainSecurity.json     | 134 +++++++++++++
 .../package/Resources/JoinDomain.template     |  25 +++
 .../package/Resources/SetPassword.template    |  17 ++
 .../scripts/Get-DnsListeningIpAddress.ps1     |   7 +
 .../Resources/scripts/ImportCoreFunctions.ps1 |  68 +++++++
 .../Install-RolePrimaryDomainController.ps1   |  43 +++++
 .../Install-RoleSecondaryDomainController.ps1 |  69 +++++++
 .../package/Resources/scripts/Join-Domain.ps1 |  67 +++++++
 .../scripts/Set-LocalUserPassword.ps1         |  37 ++++
 Windows/ActiveDirectory/package/UI/ui.yaml    | 181 ++++++++++++++++++
 Windows/ActiveDirectory/package/logo.png      | Bin 0 -> 11014 bytes
 Windows/ActiveDirectory/package/manifest.yaml |  35 ++++
 21 files changed, 1037 insertions(+)
 create mode 100644 Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml
 create mode 100644 Windows/ActiveDirectory/package/Classes/Controller.yaml
 create mode 100644 Windows/ActiveDirectory/package/Classes/DomainHost.yaml
 create mode 100644 Windows/ActiveDirectory/package/Classes/Host.yaml
 create mode 100644 Windows/ActiveDirectory/package/Classes/PrimaryController.yaml
 create mode 100644 Windows/ActiveDirectory/package/Classes/SecondaryController.yaml
 create mode 100644 Windows/ActiveDirectory/package/Resources/AskDnsIp.template
 create mode 100644 Windows/ActiveDirectory/package/Resources/CreatePrimaryDC.template
 create mode 100644 Windows/ActiveDirectory/package/Resources/CreateSecondaryDC.template
 create mode 100644 Windows/ActiveDirectory/package/Resources/DomainSecurity.json
 create mode 100644 Windows/ActiveDirectory/package/Resources/JoinDomain.template
 create mode 100644 Windows/ActiveDirectory/package/Resources/SetPassword.template
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/Get-DnsListeningIpAddress.ps1
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/ImportCoreFunctions.ps1
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/Install-RolePrimaryDomainController.ps1
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/Install-RoleSecondaryDomainController.ps1
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/Join-Domain.ps1
 create mode 100644 Windows/ActiveDirectory/package/Resources/scripts/Set-LocalUserPassword.ps1
 create mode 100644 Windows/ActiveDirectory/package/UI/ui.yaml
 create mode 100644 Windows/ActiveDirectory/package/logo.png
 create mode 100644 Windows/ActiveDirectory/package/manifest.yaml

diff --git a/Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml b/Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml
new file mode 100644
index 00000000..8746628f
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/ActiveDirectory.yaml
@@ -0,0 +1,68 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+  =: io.murano.apps.activeDirectory
+  std: io.murano
+  sys: io.murano.system
+
+Name: ActiveDirectory
+
+Extends: std:Application
+
+Properties:
+  name:
+    Contract: $.string().notNull()
+
+  primaryController:
+    Contract: $.class(PrimaryController).notNull()
+
+  secondaryControllers:
+    Contract: [$.class(SecondaryController).notNull()]
+
+  adminAccountName:
+    Contract: $.string().notNull()
+    Default: Administrator
+
+  adminPassword:
+    Contract: $.string().notNull()
+    Default: P@ssw0rd
+
+Methods:
+  initialize:
+    Body:
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Body:
+      - $.resources: new(sys:Resources)
+      - If: $.getAttr(domainDeployed, false)
+        Then:
+          - Return:
+      - $._environment.reporter.report($this, 'Starting Active Directory deployment')
+      - $securityGroupIngress: $.resources.json('DomainSecurity.json')
+      - $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
+
+
+      - $.primaryController.deploy()
+      - $.secondaryControllers.pselect($.deploy())
+
+      - $.setAttr(domainDeployed, true)
+      - $._environment.reporter.report($this, 'MS Active Directory is deployed')
+      - $.reportDeployed(title => 'MS Active Directory',
+                         unitCount => len(secondaryControllers) + 1)
+      - $.setAttr(domainDeployed, false)
+
+  destroy:
+    Body:
+      - $.reportDestroyed()
+      - $.setAttr(domainDeployed, false)
diff --git a/Windows/ActiveDirectory/package/Classes/Controller.yaml b/Windows/ActiveDirectory/package/Classes/Controller.yaml
new file mode 100644
index 00000000..f787b97d
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/Controller.yaml
@@ -0,0 +1,28 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+    =: io.murano.apps.activeDirectory
+
+Name: Controller
+
+Properties:
+  host:
+    Contract: $.class(Host).notNull()
+
+  recoveryPassword:
+    Contract: $.string().notNull()
+    Default: P@ssw0rd
+
+Methods:
+  deploy:
+    Body: $.host.deploy()
diff --git a/Windows/ActiveDirectory/package/Classes/DomainHost.yaml b/Windows/ActiveDirectory/package/Classes/DomainHost.yaml
new file mode 100644
index 00000000..fb7f32b5
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/DomainHost.yaml
@@ -0,0 +1,46 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+  =: io.murano.apps.activeDirectory
+  std: io.murano
+
+Name: DomainHost
+
+Extends: Host
+
+Properties:
+  domain:
+    Contract: $.class(ActiveDirectory)
+
+Methods:
+  initialize:
+    Body:
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Arguments:
+    Body:
+      # If domain object exists, deploy ActiveDirectory first
+      - If: $.domain != null
+        Then:
+          - $._environment.reporter.report($this, format('Deploying domain host'))
+          - $.domain.deploy()
+
+      # Deploy this host
+      - $.super($.deploy())
+
+      # If domain object exists, join domain
+      - If: $.domain != null
+        Then:
+          # Workaround against broken ResourceManager:
+          - $.super($.joinDomain($this.domain))
diff --git a/Windows/ActiveDirectory/package/Classes/Host.yaml b/Windows/ActiveDirectory/package/Classes/Host.yaml
new file mode 100644
index 00000000..224968ca
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/Host.yaml
@@ -0,0 +1,75 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+    =: io.murano.apps.activeDirectory
+    res: io.murano.resources
+    std: io.murano
+    sys: io.murano.system
+
+Name: Host
+
+Extends: res:WindowsInstance
+
+Properties:
+  adminAccountName:
+    Contract: $.string().notNull()
+    Default: Administrator
+
+  adminPassword:
+    Contract: $.string().notNull()
+
+Methods:
+  initialize:
+    Body:
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Body:
+      - $.super($.deploy())
+
+      # Deploy host only once
+      - If: $.getAttr(hostDeployed, false)
+        Then:
+          - Return:
+      - $._environment.reporter.report($this, 'Setting up password')
+      - $resources: new(sys:Resources)
+      - $template: $resources.json('SetPassword.template').bind(dict(
+            adminPassword => $.adminPassword
+          ))
+      - $.agent.send($template, $resources)
+
+      - $.setAttr(hostDeployed, true)
+
+  joinDomain:
+    Arguments:
+      - domain:
+          Contract: $.class(ActiveDirectory).notNull()
+    Body:
+
+      # Join domain only once
+      - If: $.getAttr(hostIsDomainMember, false)
+        Then:
+          - Return:
+
+      - $resources: new(sys:Resources)
+      - $._environment.reporter.report($this, format('Joining host to {0} domain', $domain.name))
+      - $template: $resources.json('JoinDomain.template').bind(dict(
+            domain         => $domain.name,
+            domainUser     => $domain.adminAccountName,
+            domainPassword => $domain.adminPassword,
+            ouPath         => '',
+            dnsIp          => $domain.primaryController.dnsIp
+          ))
+      - $.agent.call($template, $resources, 1800)
+
+      - $.setAttr(hostIsDomainMember, true)
diff --git a/Windows/ActiveDirectory/package/Classes/PrimaryController.yaml b/Windows/ActiveDirectory/package/Classes/PrimaryController.yaml
new file mode 100644
index 00000000..a3896f3f
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/PrimaryController.yaml
@@ -0,0 +1,49 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+    =: io.murano.apps.activeDirectory
+    std: io.murano
+    sys: io.murano.system
+
+Name: PrimaryController
+
+Extends: Controller
+
+Properties:
+
+  dnsIp:
+    Contract: $.string()
+    Usage: Out
+
+Methods:
+  initialize:
+    Body:
+      - $._domain: $.find(ActiveDirectory).require()
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Arguments:
+    Body:
+      - $._environment.reporter.report($this, format('Creating VM for Primary Controller for {0} domain', $._domain.name))
+      - $.super($.deploy())
+      - $resources: new(sys:Resources)
+      - $._environment.reporter.report($this, 'Configuring Primary Controller')
+      - $template: $resources.json('CreatePrimaryDC.template').bind(dict(
+            domain => $._domain.name,
+            recoveryPassword => $.recoveryPassword
+          ))
+      - $.host.agent.call($template, $resources, 1800)
+      - $._environment.reporter.report($this, 'Defining DNS listener IP')
+      - $template: $resources.json('AskDnsIp.template')
+      - $.dnsIp: $.host.agent.call($template, $resources)[0]
+      - $._environment.reporter.report($this, format('DNS listener IP is {0}', $.dnsIp))
diff --git a/Windows/ActiveDirectory/package/Classes/SecondaryController.yaml b/Windows/ActiveDirectory/package/Classes/SecondaryController.yaml
new file mode 100644
index 00000000..92a089a6
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Classes/SecondaryController.yaml
@@ -0,0 +1,42 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+  =: io.murano.apps.activeDirectory
+  std: io.murano
+  sys: io.murano.system
+
+Name: SecondaryController
+
+Extends: Controller
+
+Methods:
+  initialize:
+    Body:
+      - $.super($.initialize())
+      - $.domain: $.find(ActiveDirectory).require()
+      - $._environment: $.find(std:Environment).require()
+
+  deploy:
+    Body:
+      - $._environment.reporter.report($this, 'Creating VM for Secondary Controller')
+      - $.super($.deploy())
+      - $.host.joinDomain($.domain)
+      - $resources: new(sys:Resources)
+      - $._environment.reporter.report($this, 'Configuring Secondary Controller in')
+      - $template: $resources.json('CreateSecondaryDC.template').bind(dict(
+            domain => $.domain.name,
+            recoveryPassword => $.recoveryPassword,
+            domainAccountName => $.domain.adminAccountName,
+            domainPassword => $.domain.adminPassword
+          ))
+      - $.host.agent.call($template, $resources, 1800)
diff --git a/Windows/ActiveDirectory/package/Resources/AskDnsIp.template b/Windows/ActiveDirectory/package/Resources/AskDnsIp.template
new file mode 100644
index 00000000..6d6bd402
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/AskDnsIp.template
@@ -0,0 +1,12 @@
+{
+  "Scripts": [
+    "Get-DnsListeningIpAddress.ps1"
+  ],
+  "Commands": [
+    {
+      "Name": "Get-DnsListeningIpAddress",
+      "Arguments": {}
+    }
+  ],
+  "RebootOnCompletion": 0
+}
\ No newline at end of file
diff --git a/Windows/ActiveDirectory/package/Resources/CreatePrimaryDC.template b/Windows/ActiveDirectory/package/Resources/CreatePrimaryDC.template
new file mode 100644
index 00000000..6633057d
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/CreatePrimaryDC.template
@@ -0,0 +1,16 @@
+{
+  "Scripts": [
+    "ImportCoreFunctions.ps1",
+    "Install-RolePrimaryDomainController.ps1"
+  ],
+  "Commands": [
+      {
+          "Name": "Install-RolePrimaryDomainController",
+          "Arguments": {
+          "DomainName": "$domain",
+              "SafeModePassword": "$recoveryPassword"
+          }
+      }
+  ],
+  "RebootOnCompletion": 1
+}
diff --git a/Windows/ActiveDirectory/package/Resources/CreateSecondaryDC.template b/Windows/ActiveDirectory/package/Resources/CreateSecondaryDC.template
new file mode 100644
index 00000000..4512ee5a
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/CreateSecondaryDC.template
@@ -0,0 +1,18 @@
+{
+  "Scripts": [
+    "ImportCoreFunctions.ps1",
+    "Install-RoleSecondaryDomainController.ps1"
+  ],
+  "Commands": [
+    {
+      "Name": "Install-RoleSecondaryDomainController",
+      "Arguments": {
+        "DomainName": "$domain",
+        "UserName": "$domainAccountName",
+        "Password": "$domainPassword",
+        "SafeModePassword": "$recoveryPassword"
+      }
+    }
+  ],
+  "RebootOnCompletion": 1
+}
\ No newline at end of file
diff --git a/Windows/ActiveDirectory/package/Resources/DomainSecurity.json b/Windows/ActiveDirectory/package/Resources/DomainSecurity.json
new file mode 100644
index 00000000..07f98a10
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/DomainSecurity.json
@@ -0,0 +1,134 @@
+[
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "25",
+	    "ToPort": "25",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "53",
+	    "ToPort": "53",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "53",
+	    "ToPort": "53",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "88",
+	    "ToPort": "88",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "88",
+	    "ToPort": "88",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "123",
+	    "ToPort": "123",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "135",
+	    "ToPort": "135",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "137",
+	    "ToPort": "137",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "138",
+	    "ToPort": "138",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "445",
+	    "ToPort": "445",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "445",
+	    "ToPort": "445",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "464",
+	    "ToPort": "464",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "464",
+	    "ToPort": "464",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "389",
+	    "ToPort": "389",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "389",
+	    "ToPort": "389",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "636",
+	    "ToPort": "636",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "3268",
+	    "ToPort": "3268",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "3269",
+	    "ToPort": "3269",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "5722",
+	    "ToPort": "5722",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "9389",
+	    "ToPort": "9389",
+        "External": false
+	},
+	{
+	    "IpProtocol": "tcp",
+	    "FromPort": "49152",
+	    "ToPort": "65535",
+        "External": false
+	},
+	{
+	    "IpProtocol": "udp",
+	    "FromPort": "49152",
+	    "ToPort": "65535",
+        "External": false
+	}
+]
diff --git a/Windows/ActiveDirectory/package/Resources/JoinDomain.template b/Windows/ActiveDirectory/package/Resources/JoinDomain.template
new file mode 100644
index 00000000..3d8cbeff
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/JoinDomain.template
@@ -0,0 +1,25 @@
+{
+  "Scripts": [
+    "ImportCoreFunctions.ps1",
+    "Join-Domain.ps1"
+  ],
+  "Commands": [
+    {
+      "Name": "Set-NetworkAdapterConfiguration",
+      "Arguments": {
+        "FirstAvailable": true,
+        "DNSServer": "$dnsIp"
+      }
+    },
+    {
+      "Name": "Join-Domain",
+      "Arguments": {
+        "Username": "$domainUser",
+        "Password": "$domainPassword",
+        "DomainName": "$domain",
+        "OUPath": "$ouPath"
+      }
+    }
+  ],
+  "RebootOnCompletion": 1
+}
\ No newline at end of file
diff --git a/Windows/ActiveDirectory/package/Resources/SetPassword.template b/Windows/ActiveDirectory/package/Resources/SetPassword.template
new file mode 100644
index 00000000..101db0ea
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/SetPassword.template
@@ -0,0 +1,17 @@
+{
+  "Scripts": [
+    "ImportCoreFunctions.ps1",
+    "Set-LocalUserPassword.ps1"
+  ],
+  "Commands": [
+    {
+      "Name": "Set-LocalUserPassword",
+      "Arguments": {
+        "UserName": "Administrator",
+        "Password": "$adminPassword",
+        "Force": true
+      }
+    }
+  ],
+  "RebootOnCompletion": 0
+}
\ No newline at end of file
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/Get-DnsListeningIpAddress.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/Get-DnsListeningIpAddress.ps1
new file mode 100644
index 00000000..1db0b85f
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/Get-DnsListeningIpAddress.ps1
@@ -0,0 +1,7 @@
+
+function Get-DnsListeningIpAddress {
+    Import-Module DnsServer
+
+    (Get-DNSServer -ComputerName localhost).ServerSetting.ListeningIpAddress |
+        Where-Object { $_ -match "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" }
+}
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/ImportCoreFunctions.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/ImportCoreFunctions.ps1
new file mode 100644
index 00000000..85e64349
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/ImportCoreFunctions.ps1
@@ -0,0 +1,68 @@
+
+Import-Module CoreFunctions -Force
+Initialize-Logger 'MuranoAgent' 'C:\Murano\PowerShell.log'
+
+
+function Show-InvocationInfo {
+    param (
+        $Invocation,
+        [Switch] $End
+    )
+
+    if ($End) {
+        Write-LogDebug "</function name='$($Invocation.MyCommand.Name)'>"
+    }
+    else {
+        Write-LogDebug "<function name='$($Invocation.MyCommand.Name)'>"
+        Write-LogDebug "<param>"
+        foreach ($Parameter in $Invocation.MyCommand.Parameters) {
+            foreach ($Key in $Parameter.Keys) {
+                $Type = $Parameter[$Key].ParameterType.FullName
+                foreach ($Value in $Invocation.BoundParameters[$Key]) {
+                    Write-LogDebug "[$Type] $Key = '$Value'"
+                }
+            }
+        }
+        Write-LogDebug "</param>"
+    }
+}
+
+
+$TrapHandler = {
+    Write-LogError "<exception>"
+    Write-LogError $_ -EntireObject
+    Write-LogError "</exception>"
+    break
+}
+
+
+trap {
+    &$TrapHandler
+}
+
+$ErrorActionPreference = 'Stop'
+
+
+<#
+# Usage example for Show-InvocationInfo
+
+function MyFunction {
+    param (
+        [String] $Value1,
+        [String] $Value2,
+        [Int] $Int1
+    )
+    begin {
+        Show-InvocationInfo $MyInvocation
+    }
+    end {
+        Show-InvocationInfo $MyInvocation -End
+    }
+    process {
+        trap {
+            &$TrapHandler
+        }
+        # Main code here
+    }
+}
+#>
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/Install-RolePrimaryDomainController.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/Install-RolePrimaryDomainController.ps1
new file mode 100644
index 00000000..e8f1e5a9
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/Install-RolePrimaryDomainController.ps1
@@ -0,0 +1,43 @@
+
+trap {
+    &$TrapHandler
+}
+
+
+Function Install-RolePrimaryDomainController {
+	param (
+		[String] $DomainName,
+		[String] $SafeModePassword
+	)
+    begin {
+        Show-InvocationInfo $MyInvocation
+    }
+    end {
+        Show-InvocationInfo $MyInvocation -End
+    }
+    process {
+        trap {
+            &$TrapHandler
+        }
+
+		Add-WindowsFeatureWrapper `
+			-Name "DNS","AD-Domain-Services","RSAT-DFS-Mgmt-Con" `
+			-IncludeManagementTools `
+	        -NotifyRestart
+
+		Write-Log "Creating first domain controller ..."
+			
+		$SMAP = ConvertTo-SecureString -String $SafeModePassword -AsPlainText -Force
+			
+		$null = Install-ADDSForest `
+			-DomainName $DomainName `
+			-SafeModeAdministratorPassword $SMAP `
+			-DomainMode Default `
+			-ForestMode Default `
+			-NoRebootOnCompletion `
+			-Force
+
+		Write-Log "Waiting 60 seconds for reboot ..."
+		Start-Sleep -Seconds 60
+	}
+}
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/Install-RoleSecondaryDomainController.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/Install-RoleSecondaryDomainController.ps1
new file mode 100644
index 00000000..be9258ed
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/Install-RoleSecondaryDomainController.ps1
@@ -0,0 +1,69 @@
+
+trap {
+    &$TrapHandler
+}
+
+
+Function Install-RoleSecondaryDomainController
+{
+<#
+.SYNOPSIS
+Install additional (secondary) domain controller.
+
+#>
+	param
+	(
+		[String]
+		# Domain name to join to.
+		$DomainName,
+		
+		[String]
+		# Domain user who is allowed to join computer to domain.
+		$UserName,
+		
+		[String]
+		# User's password.
+		$Password,
+		
+		[String]
+		# Domain controller recovery mode password.
+		$SafeModePassword
+	)
+    begin {
+        Show-InvocationInfo $MyInvocation
+    }
+    end {
+        Show-InvocationInfo $MyInvocation -End
+    }
+    process {
+        trap {
+            &$TrapHandler
+        }
+	
+		$Credential = New-Credential -UserName "$DomainName\$UserName" -Password $Password
+			
+		# Add required windows features
+		Add-WindowsFeatureWrapper `
+			-Name "DNS","AD-Domain-Services","RSAT-DFS-Mgmt-Con" `
+			-IncludeManagementTools `
+	                -NotifyRestart
+			
+		
+	    Write-Log "Adding secondary domain controller ..."
+	    
+		$SMAP = ConvertTo-SecureString -String $SafeModePassword -AsPlainText -Force
+
+		Install-ADDSDomainController `
+			-DomainName $DomainName `
+			-SafeModeAdministratorPassword $SMAP `
+			-Credential $Credential `
+			-NoRebootOnCompletion `
+			-Force `
+			-ErrorAction Stop | Out-Null
+
+		Write-Log "Waiting for restart ..."
+	#	Stop-Execution -ExitCode 3010 -ExitString "Computer must be restarted to finish domain controller promotion."
+	#	Write-Log "Restarting computer ..."
+	#	Restart-Computer -Force
+	}
+}
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/Join-Domain.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/Join-Domain.ps1
new file mode 100644
index 00000000..403ef798
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/Join-Domain.ps1
@@ -0,0 +1,67 @@
+
+trap {
+    &$TrapHandler
+}
+
+
+Function Join-Domain {
+<#
+.SYNOPSIS
+Executes "Join domain" action.
+
+Requires 'CoreFunctions' module
+#>
+	param (
+		[String] $DomainName = '',
+		[String] $UserName = '',
+		[String] $Password = '',
+		[String] $OUPath = '',
+        [Switch] $AllowRestart
+	)
+    begin {
+        Show-InvocationInfo $MyInvocation
+    }
+    end {
+        Show-InvocationInfo $MyInvocation -End
+    }
+    process {
+        trap {
+            &$TrapHandler
+        }
+	
+    	if ($UserName -eq '') {
+    		$UserName = 'Administrator'
+    	}
+
+    	$Credential = New-Credential -UserName "$DomainName\$UserName" -Password $Password
+
+
+    	if (Test-ComputerName -DomainName $DomainName -ErrorAction 'SilentlyContinue') {
+            Write-LogWarning "Computer already joined to domain '$DomainName'"
+    	}
+    	else {
+    		Write-Log "Joining computer to domain '$DomainName' ..."
+    		
+    		if ($OUPath -eq '') {
+    			Add-Computer -DomainName $DomainName -Credential $Credential -Force
+    		}
+    		else {
+    			Add-Computer -DomainName $DomainName -Credential $Credential -OUPath $OUPath -Force
+    		}
+
+            $null = Exec 'ipconfig' @('/registerdns') -RedirectStreams
+
+            Write-Log "Waiting 30 seconds to restart ..."
+            Start-Sleep -Seconds 30
+    		<#
+            if ($AllowRestart) {
+                Write-Log "Restarting computer ..."
+                Restart-Computer -Force
+            }
+            else {
+                Write-Log "Please restart the computer now."
+            }
+            #>
+    	}
+    }
+}
diff --git a/Windows/ActiveDirectory/package/Resources/scripts/Set-LocalUserPassword.ps1 b/Windows/ActiveDirectory/package/Resources/scripts/Set-LocalUserPassword.ps1
new file mode 100644
index 00000000..8708a0f4
--- /dev/null
+++ b/Windows/ActiveDirectory/package/Resources/scripts/Set-LocalUserPassword.ps1
@@ -0,0 +1,37 @@
+
+trap {
+    &$TrapHandler
+}
+
+
+Function Set-LocalUserPassword {
+    param (
+        [String] $UserName,
+        [String] $Password,
+        [Switch] $Force
+    )
+    begin {
+        Show-InvocationInfo $MyInvocation
+    }
+    end {
+        Show-InvocationInfo $MyInvocation -End
+    }
+    process {
+        trap {
+            &$TrapHandler
+        }
+        
+        if ((Get-WmiObject Win32_UserAccount -Filter "LocalAccount = 'True' AND Name='$UserName'") -eq $null) {
+            throw "Unable to find local user account '$UserName'"
+        }
+        
+        if ($Force) {
+            Write-Log "Changing password for user '$UserName' to '*****'" # :)
+            $null = ([ADSI] "WinNT://./$UserName").SetPassword($Password)
+        }
+        else {
+            Write-LogWarning "You are trying to change password for user '$UserName'. To do this please run the command again with -Force parameter."
+        }
+    }
+}
+
diff --git a/Windows/ActiveDirectory/package/UI/ui.yaml b/Windows/ActiveDirectory/package/UI/ui.yaml
new file mode 100644
index 00000000..7f86a50c
--- /dev/null
+++ b/Windows/ActiveDirectory/package/UI/ui.yaml
@@ -0,0 +1,181 @@
+Version: 2
+
+Templates:
+  primaryController:
+    ?:
+      type: io.murano.apps.activeDirectory.PrimaryController
+    host:
+      ?:
+        type: io.murano.apps.activeDirectory.Host
+      adminPassword: $.appConfiguration.adminPassword
+      name: generateHostname($.appConfiguration.unitNamingPattern, 1)
+      flavor: $.instanceConfiguration.flavor
+      image: $.instanceConfiguration.osImage
+      availabilityZone: $.instanceConfiguration.availabilityZone
+      keyname: $.instanceConfiguration.keyPair
+      assignFloatingIp: $.appConfiguration.assignFloatingIP
+
+  secondaryController:
+    ?:
+      type: io.murano.apps.activeDirectory.SecondaryController
+    host:
+      ?:
+        type: io.murano.apps.activeDirectory.Host
+      adminPassword: $.appConfiguration.adminPassword
+      name: generateHostname($.appConfiguration.unitNamingPattern, $index + 1)
+      flavor: $.instanceConfiguration.flavor
+      image: $.instanceConfiguration.osImage
+
+
+Application:
+  ?:
+    type: io.murano.apps.activeDirectory.ActiveDirectory
+  name: $.appConfiguration.name
+  primaryController: $primaryController
+  secondaryControllers: repeat($secondaryController, $.appConfiguration.dcInstances - 1)
+
+
+Forms:
+  - appConfiguration:
+      fields:
+        - name: configuration
+          type: string
+          hidden: true
+          initial: standalone
+
+        - name: name
+          type: string
+          label: Domain Name
+          description: >-
+            Enter a desired name for a new domain. This name should fit to
+            DNS Domain Name requirements: it should contain
+            only A-Z, a-z, 0-9, (.) and (-) and should not end with a dash.
+            DNS server will be automatically set up on each of the Domain
+            Controller instances. Note: Only first 15 characters or characters
+            before first period is used as NetBIOS name.
+          minLength: 2
+          maxLength: 255
+          validators:
+            - expr:
+                regexpValidator: '^([0-9A-Za-z]|[0-9A-Za-z][0-9A-Za-z-]*[0-9A-Za-z])\.[0-9A-Za-z][0-9A-Za-z-]*[0-9A-Za-z]$'
+              message: >-
+                Only letters, numbers and dashes in the middle are
+                allowed. Period characters are allowed only when they
+                are used to delimit the components of domain style
+                names. Single-level domain is not
+                appropriate. Subdomains are not allowed.
+
+            - expr:
+                regexpValidator: '(^[^.]+$|^[^.]{1,15}\..*$)'
+              message: >-
+                NetBIOS name cannot be shorter than 1 symbol and
+                longer than 15 symbols.
+
+            - expr:
+                regexpValidator: '(^[^.]+$|^[^.]*\.[^.]{2,63}.*$)'
+              message: >-
+                DNS host name cannot be shorter than 2 symbols and
+                longer than 63 symbols.
+          helpText: >-
+            Just letters, numbers and dashes are allowed.
+            A dot can be used to create subdomains
+
+        - name: dcInstances
+          type: integer
+          label: Instance Count
+          description: >-
+            You can create several Active Directory instances by setting
+            instance number larger than one. One primary Domain Controller
+            and a few secondary DCs will be created.
+          minValue: 1
+          maxValue: 100
+          initial: 1
+          helpText: Enter an integer value between 1 and 100
+
+        - name: adminAccountName
+          type: string
+          label: Account Name
+          description: >-
+            Name for the administrator account. Note, that '@' adds automatically.
+          initial: Administrator
+          regexpValidator: '^[-\w]+$'
+          errorMessages:
+            invalid: 'Just letters, numbers, underscores and hyphens are allowed.'
+
+        - name: adminPassword
+          type: password
+          label: Administrator password
+          descriptionTitle: Passwords
+          description: >-
+            Windows requires strong password for service administration.
+            Your password should have at least one letter in each
+            register, a number and a special character. Password length should be
+            a minimum of 7 characters.
+
+            Once you forget your password you won't be able to
+            operate  the service until recovery password would be entered. So it's
+            better for Recovery and Administrator password to be different.
+
+        - name: recoveryPassword
+          type: password
+          label: Recovery password
+
+        - name: assignFloatingIP
+          required: false
+          type: boolean
+          label: Assign Floating IP
+          description: >-
+             Select to true to assign floating IP automatically to Primary DC
+          initial: false
+          required: false
+
+        - name: unitNamingPattern
+          type: string
+          label: Instance Naming Pattern
+          description: >-
+            For your convenience all instance hostnames can be named
+            in the same way. Enter a name and use '#' character for incrementation.
+            For example, host# turns into host1, host2, etc. Please follow Windows
+            hostname restrictions.
+          required: false
+          regexpValidator: '^(([a-zA-Z0-9#][a-zA-Z0-9-#]*[a-zA-Z0-9#])\.)*([A-Za-z0-9#]|[A-Za-z0-9#][A-Za-z0-9-#]*[A-Za-z0-9#])$'
+          # FIXME: does not work for # turning into 2-digit numbers
+          maxLength: 15
+          initial: murano-#
+          helpText: Optional field for a machine hostname template
+
+      validators:
+        # if unitNamingPattern is given and dcInstances > 1, then '#' should occur in unitNamingPattern
+        - expr: $.appConfiguration.dcInstances < 2 or not $.appConfiguration.unitNamingPattern.bool() or '#' in $.appConfiguration.unitNamingPattern
+          message: Incrementation symbol "#" is required in the Hostname template
+
+  - instanceConfiguration:
+      fields:
+        - name: title
+          type: string
+          required: false
+          hidden: true
+          descriptionTitle: Instance Configuration
+          description: Specify some instance parameters on which service would be created.
+
+        - name: flavor
+          type: flavor
+          label: Instance flavor
+          description: >-
+            Select registered in Openstack flavor. Consider that service performance
+            depends on this parameter.
+          required: false
+
+        - name: osImage
+          type: image
+          imageType: windows
+          label: Instance image
+          description: >-
+            Select valid image for a service. Image should already be prepared and
+            registered in glance.
+
+        - name: availabilityZone
+          type: azone
+          label: Availability zone
+          description: Select availability zone where service would be installed.
+          required: false
\ No newline at end of file
diff --git a/Windows/ActiveDirectory/package/logo.png b/Windows/ActiveDirectory/package/logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..7ab4e10a8b784277347f0e618bd13b6c89464b51
GIT binary patch
literal 11014
zcmV+hEBVxkP)<h;3K|Lk000e1NJLTq005Q%005Q<1^@s6JOOdy001h@Nkl<Zc-rlK
z3wT`Bb*?m)jj)LWh7eyMhEhJ)O+uOyg-1$#33(ANC6pxOQPL)q%Lj!^DNVUfzJ$b~
z^j=C+nkGQG$-RVF(#-55`6b)3BxF73t<hT=Nu!4)>ot<~+DEc6!ru3sGb3p<v)9`D
zoEZUj=X~G(G?He{oX0xr@vpW1m6es*GFxWLY?&>yUGQ7aX_n=kUffcBd}eFrYGgK3
zn`{2u<~@;f+kYB*>yH2KjokN0_27@bdZcg9y=7x9|FvZD^p4`l;+@W(v6`WGuFG7l
z%(lF>&YiWrIq`PxzcfXz{I}3d-jAD3J^UAyvp>AQJo4I?kBqo(+kay4Mlv{eopY3Z
zz&XQm9n);ReTLbblw}c>WhpA#>Fi^bjXiIK2fK4JSM)#G)_;a&H7%UmSkOC{_cQm<
z1AkX@;)mZl7Ex|LJXZ0s1EVb;+dp>tTE_^xqF{_&TsX;cGy%#cbDH4Hvn=O=CP=3=
zL7I;W6VZiA|DU#sX4$9hovfrbu-Fl5yCid^FR-omEX!&*!*YK+x_JE$x)$=DYM8qB
z(c00c9;_I6{VQe1>ppvAWa<x!#}>AdiN#9`BW#m>l5KEIX#z7F6%<8{2~AWBWhn`N
zBTIjaTO_Kr^71=aab@jddwWK(&QG&-n%NExzm@xP`|Rfb(>b%_h3<v>|Jpsf>nm?Y
zUi!1rv6`LxPjr8B|IpmE`$pKMMH7bEx~Ong6QDUwfEF|%h%OtMHP(vIteCY`uM-6;
z@%_e{*95DbDQ{LUwzjrr1nYe-M3ikjJap#z=jw*;d8%&s$p@<@3O;{i{P1mu#yUQA
za8$j446@4$hS)~UY}p(uLbA@OYCh0BTj!Y9OqsS6{pXUFnTyjnaat*H5xRP<`b>gG
zQ&t44tu3Rm-t(>D9hU2yK6lj*8s|U$Sl!86pQ;;s<gbnm|MJhvhAKZ_HZrnfe`IE>
zb9~`L_OY{<*duI%eM%FWxu}qEv`F^yqM9)20;CC>G84P`r=z~ovarOo7bI9o!h<bM
zunIK6s;JgXVS7ff)_UtcbuOzaawg}cU}R%{FTLj9!*AXFcLDW@uO1!W{bxrb`*!Xh
z>bPa^Kx9YJ=-I8#3AV|hIm~2QGf{Jz0O`UJ(=cRim3D{<$b3wgsNrB|Yi2E*#Q91}
z)I?<)PWQaFPiic~88-xR$t=ceq<CSXe1D4f9+DBPHQSohbGaoWZ{P6mP2+cbzh>ys
zhwCPOap#fI;+u~|>TW(Ty6|ywf?Zi~f^8}s*P^W%Bg%^UI%-USmb8v83`+ttAG`VU
zaW{VszVR^=mL0dEf*HN}QK3}h1TtP&63io^$oJ4>!OG7FmZh!b6w5g@eQwLod*9jq
zr2FK}fA5-j;Cn~=U-)+Ukn-gtBLg>;Oio_o99KW&j4XaoGh4Y@#FgWWh3kYSIK-6W
z=TMGwOjlkf-t2fS6LX-GKbyEXKGZ5fO89;y(V>rf&#L2?XP=G<R$E4}@GXC6ar>^o
zTi^X&-N_$){phH2&%q(zXO!^Zjm5)fKJ1LJjgFIAv^A+Y$<u6Ie2Bhej#il@%DG`Q
z;f5s&5)y?e6n3uT_Z$B{MNJSSm2c*_#~m+V9O2CfR#sO3+bk=z$Z}kfg)Qw<vo`2`
z_Z>VQy8Mk{&0(H4!t`u%D(39Q-H@WCn=}{IOon5vuGS3Ph%4a+irx$Uog(j{$#6lu
zz$AW-aDI>97r~tR6~St~ka4UgO>p*3uq`iy&tCWA;M^yE;G4Sd@%qT_ua_M+@>_qr
zZ))T=dni&c_|}~#`i8jsxb?_b*odr(G+`=Q?N4McqtH=d(|sa6y<uCWRYU?p;rAqI
zJVYoGg_QSq2$NDE(+GSg_+Z3otd0vrV|gjtQZ#e!<{!75`pa)rOg!<8it#t@Dj9Tr
zwq$VdkM@r)UR$Ii%oA+ALo->L`C6|<UmLX7A1>@;ueXlw3wQKv;O+NM4n)Em9J89E
zJ!eE|D=CcGm;<dxVKdtQW}-l&A%sg>Ea6G#MO}&LHrHWJ)I1!YD9L$O`OY}B53c6q
zd^X9^k3Wxi!8#8#R^KAaYF=QuwX^58{3<wn(?8S?-1~%k?74g19Dn_eqmvao4@JiE
zibvTs`9ti3`6HU}oQ$1tG}?;y2eRWGTumrGls~|JTh+o^e2qJJ-+lZ3sjy8K9z%fC
z)j2XHK0=$1X|7Yzh>mdl8bW~^ln6!w+Dl3Fy=bxnO%jBYr)3g_hv$zeoYYO?!;vJ^
z??Y4A@iwzno?^K#bicjz=?3-spZO;5e!6b_`wx{L|G!@;8>+kI@Yvw*6_1R4L>W1A
zg=3Um;uzO7&PhXyECGT`Pt7vk0|1E27f91ATl4$bYe(Izp&@ubSFjFDMg>c>uY~_+
ziz2c_ry4@GS2@lU);383mmmy0q2Q)&c%Mlyo6vW@*QT)H?Q@rCfz+-4YvAlRAFdgD
z@*9<rm+m>#UwQk!-j=+Q(KFljj<d_icr;Xxm1XE!z!vjiz^9IIv;pCzEMouH%+=OC
zee9JZ^_pNc?&b?tWLdDX2`5?tomyG68ZteAUz6yxgJula2T9X+0?7NC3Re3mmQxvd
z`-<Q6s2|-`H~7UTz2i^bS26LLX0q&GJUG<%nZ3hje%~>2_Ob#kT-O9=okM%VwPjP{
z5M<qlF(ND)bCMTgfFW?==*569l4-%>X%g<SBw|8<5D-BW$MwS!oO9W93_<=+FrlQ9
z*EK~`*naw)t$gO4+*d}<ZrK%>zUHS*GkJeoH}b?^RiAkAt7XHk&mKP6{f9-PBOfV>
zEL=$<>;v{uP5VR)2RO$;V;U&t1TWR{EUREG`qCpUBif3dfUc>sopCuYGa)({Ek!Sw
zZVF#L;?f1{SvidbL`6^}rwF1d=q3>gL~My>NnH)9a-%}dcM(V%0sB{=eNe!87ig@W
zv*&V-OrN{vr_Jhp5BnDW^4paoKfk|XVBhBsgxYRBG(2~MGQuu(OtOm{Gn&&p#nx-l
z(K_c+;aBu$G$k<~`+X(7px>;hka2txjt>z{bIc1=yUKAc;Ycbq!GZ)<6>Fv>e=8CE
zgpQla;aFf)NMY@l7!Z&|fukHP3BU~yK>9=1z|K1kgiAlQ|G2utIe7ZRg~M#4COGRH
zOE}GJ%w)|)Un@~3+7`=iEhRsrpyIr700ze6On$moIp1+l!?Hjs(L7o-DLcpUr&Kt?
zQYf6-up(HH!<<-R0(~!7j-n<b?+T}|F7dkw2V&q}A7K9|Dvw0A+`mg`tS7wVyEYY!
za(sk@kUJ^tj(^X5TxgG^1<)+IAiGYe;Hjj^H$_Q7u!xBSEtu1T&XE&jB>jXc3q;42
z=r18y8G$|nU~$~25b&`ccTeozs5#fkp)v)cAu4w6c(_PXHl1fu0F%bOVWP+<RZ|Gy
zP|$G_3Pg#NZ>o6!Bmv&501!gr{ZbO)2bHgJWVA2WN|?}Cf8&~bZew8tjtUgao|`Qi
zgPu~XK1hYN7J>GuCIN`neJsEXi5z&L7E%%I1eFX^<iVx@<O2Ae1UN2&1Q~HPVq(E^
z#|akbPsk)S1&L0AL@rQLlp7sUWZwW-YRSifjtNNeLeUj(UtBjqP;0Ir(H}tsLMD17
zKvYYB=vzjx9$ylyBqSC)XbRveRGjIDpaKQB0T`}AFtf1wrzOEsu*L&Hr2$b9;Fg!#
zp~*E+1Tde3V``x~DgvZ|2=Dx8vLYcW2gR52vEl@atD-TdQ3ZSiC>bj9n}A#v<fkQ>
zM+zo<Eo&^E$>RA_gy#zZHBnGPSwTQpg(4=83LJkZ`3)!vC{QBFxk5R?0`pK<o(f1k
zB$_2iIJr*?v>%Euh4RB^t8jxN2*Y`iANQuw<RUuJxma0($au9?Lavwad#nf+>S#-(
zP*Umuq2kmHRL>;XuVquH0C_V)#i+XMaib<*B2OqvAz^i6pdUt&Yi!oX5?&B0QM^XY
z3(=abRDCQ_<V!6+Ol$QyYVvohO9FXM5-eeomzqfa^86D~zKn{KsYJy?W)AFN9Uw(8
zDxNcJMQDggt&An-(L^?4g@~k8vJ@320g$|i1#+4pr(00sLO2m7ci%`e09e45N=io+
zG%z4d4Nz3ZL(IX91Z0XS;$(BWZJ_88431Pp$yjyX*UDc~<b5GHF9=;ktf3$c04d=`
zOeX8Ch^XNKK)$6bBPfjVf%^cmEFwTwp()^4D7c42gwT^94dPL}V2wy7qdDf)dP+yd
zZ#JPYI1HB2Pzh2FEE-njur6*jD+c^hJ}#Ja?pB?5BH=_5vzkoOvBX-ExY4Ry+Q@oT
zND+)rkg!Fsf#^IWDnP*&d6_~#vtTw96-vPk6i0{^1pZf$Ck{)xLf^ql*C<GcPmsi~
zRZ}Q>(lG%6wK&!!%1cSn<dPVy16mR7gNIuISqugEtTj`JRUW3eh{gZOM4$vqq^2<{
zBqmZ*iYmytsbYK#sv0Gtrc>2?(wrc9MUqOc5HdN$L=%H3r9-F~3?;lYgG^U3T|-j{
zpy^NrhNz?%1z@QJW+(v<nBE7K!zxos=|HtZ1nFGis#H!|Ls5|w5>Ta}KxTo$!k<#j
zJB1x-ZiRxN;#3h-b8^#KDx4yNf(kGdhP8jmrkhlYrcj|0-Lrz~NHp0jsuQBXQ;+rH
zad4$1_7sbP#l^8WO{F5D4h1O26Y^4F)v7?lDxq)%DWMX-t9afqu}dc{DV=oSTts~r
zQaS0)6`JH^NM{O*tkL_4$zvv|M1?XnQ$!Z_r;^<zCK9>maZtpWP6Z&9#NI^2912vd
z2XR%YFs=w-btoJHx+^N~0&&mFs$fB>7a2g)Omza<z=^bVDWW>3WV2(fY)0h+y*&Sf
z%aH&S)+rFU3<wWc&MkT$)`%jbouD+E=_EAem(LL3?+Qg400d143Wbx;BC`V>2U1v=
z9#cqhuokPwQUpbVSY5iP4h-yAk`NdyY6qKiEhFzpHwctkP%w%@1Ve$CS3vEfO5!}J
z7WxT}ji};oXOM!?L{$M%`3}2TivWSq!tQb&)@7w^#*C8*X3{aPfiwmQV1oip-FZjb
zuu=_VsC=0cG2wg@nQj{qfGT)^WVsv675b^LpJOJmEG2LfpdsO;P`KPwDHQtg9v*@a
zfDoisAH4<?)_PL8Jqd6V)A&*pk(QlzDkt?46`LSyFX8!UD!--+%tIno4S>+5R6z=r
z{(|_Pj3aIW4j}2!_|!youPP|-vE;nVl(O&&>!?HqUtsq|c`gMADnQcv72&X!ghpEW
zp)PSk5o$;g$Cga>f=u-UmE4C+0-XocT80~tiUTyAf~8r2eW4_-D#AO(xlv$KtW{Ew
zWCTB{%Y`7+KLjaagaQ*NB1gHb5KecfG6do=<+05q!Yq~qi#NRhEdQna_bV9JrOF}E
z$M_7eOg<G;8>OS>U7>jLn?U^T0`QjSEQ?CIu^b@}--D9>A|6yMM`<lrh}4inHR+&f
zlyO+8prKXb=_LrON-7$Q_hb`@*o5L$9K;OY1(2h}DlJg6C@M_E?gh^rrkX1xSY(Es
zqzElm@e&(FfIbtfB$~ghX)Fq}&G5{jEWwEga8?9e<7oA%;C-NPh_K`k)jS<H4v-3}
zCyB`Rt9XRTO?6N~0|7vvs9-dSDO8Y(NKT}1Cn~5yHJLjl5^Z*7K4&U7YPqjaMM`93
z(gK180iF<{Av%;hgb-r>zEVo*KtTr)@Suun&q3i7L~I25PAW%&OQ7ZyDj3s3tv0Mu
z0sW$i*nfx<0GocG;x%1RAsn{_ou~0qZ2#gF87frF62ndDP=1l1g7gc5;Hrw7Gpv!9
zh|DEct!p)<16E-QT9^pJxWYRbkRk_*BB7EF3R7UGQbEeQSzrYyg!8HVOaMsn&3P!X
zLPAJG@v;zD6RT;aLQAE|5@czF0zHFNY!Zlwi(I1i%5)K1s&IqJoTaE9OOf!?g!e#(
zUrg|KBH`b0zsqWAvar2N#0wya2%BPPu|jZ>3fzEjuw&;Y)zL#?Eldy!?Nq8$q2m^@
z*oc}bOqs$&+=j@EH=}T37zzL|beJFnXG8!p5}HQAq7q!}R6x8&@g@w26CQ#CAee<9
z<-}ZaTnJQ#{6W<!@fwdXO@+HoFkeH&b*@k(<wNmF5Hf?061s#^a^49AQadUvTtuR4
z8YCN05&B17EgW*Jyk=J(*E~wRmUzxq08&s(P`vpOqb(vL6rP`k5f%i3_2g;NSR$fV
zMRJ4*TA!}s=8u>#`=<X#P5P>-;8<qJ(`5Y~BDz3k`5`38ZWGQUtzA0km=lu|xYFGP
zm1>tdk$H$@Ora~X`;vmO*xVcSf?WETmaBi)%U&+6V}XX?kGK<759)$71DL|hN{mcD
zy{Cf}m)9<Kw6|{N3f5zuiRU)jBXXps=j+m*u&uuvWWPM>V!mJ_SFmn7I2qPw2d#4~
zAj2&)Yq`*GPly#&)GW4kHh-KeSdV%qpVtRb8bg)P&Sr@YUNeiN>9yp#GJjArh4m~L
z^zP=*gq{drY>yv(M=$8>k<xK!f^}0tJ98YXIolNKx`#iRLep5A3Wu3KXxkPW0cT9<
zip?4{e!knU6IY7+${{oCD$U3G^-&LNYV>dg>y|@f;foxzvGI7(Yha6w!Fx}x!CGAp
ztFQIZfU)bLE1_HS+t}V?HH+<`5Z@I3&${8KKIZ6S*V-r8wFM*W+WcX*ZO^dr^FmnL
zv~_jiILmvZl{u;cti8#5N79h<cUacFrN=vNAmeOX;fS%W%^$g7u0eX2etm}7m+XzK
zq`qOGx4U}-SFlR@r*q4~CmtyAG_({~R-JX0RWN-yj$*5P4PMJG^ZRv{SFn<*nkjdn
z@!3#EXAbW=*h90IR{4gWEkEX-Dyn$%J-P<(#`Q?;yY=g$RMfDewVtu&K*J-0;p6ah
z)e{5ZtoHVf+=hmRPxySkoBe*jwtTS#y-s!c)AU;WJ;6XAuRY+qp}VWchE196>+Z8P
zwt2S)g5Essb9w1Kj`z#;NclMO0)fCyO-&8gb#=GfvNBs{%WRn~vt_o-mf14fySM$s
zGjjLcr6&fyTskuN#iJ9G(KR`_^7?#Vk;%J`o``(qP~Sk&(A%GcuEQh8#_a#?$Y|de
zjz-45P<A1mfBM&5r4x~d4s@2fC)G<p!Ft>i*|n))f~|MVvUSe6*rIW-FN8JA{!76i
zd%Y#{%Z@gFB=e^w)8P${83P2=0l*9E{L{TucAFAjJQC`A8WF6CXN@WL(7+_oj69HT
zP(`>61U-wy%(MrL7c}<WMXFKV@On-2RInkqjVo9OC&D&@jP6x9ZE9$hB{g^41f$!O
z-G^w_kjm$k02@<)32S7Y-E8k<d+P(Po}Qi@eoAL~*!UdYR7$9zj!MvSPh`f1AOseK
z3J66gI$ll}tk;fuSVOSs8GhN!I6M;?nn(|kk`QdnFGWZ`sKj?+WldCKJPgoeOGI4#
z@t>V%c?BJ;_*m_kj*gCve8F-}KDTLkiak)Ah7ojd`~4-V85O~hage_pAzXtxh;)s$
zr;q(dshb5v^;k}X(T`Ag_&7LWOK>d}6&Yz_vFCtb%rOvA9Yv<ACYF(Ff~D7Ey;;53
z*4AdSnL@<vB*UvI;$4txgfLMF2{nJl1nbpO3#`dt$F^wFJ2t{ZL_8-NK4pdrOEqt*
zg@h}*#)=mDwM#dwf=v&Q3Kfyn3%DRqGfVNCCN!zBWl6Arx^K}$SCq9_g^B+$e~Dm|
zZmFDrVnlWdKobSd;;|}NqS|x?>2OBdj3{2~E<-t~$P#d@He-fhndW)N7;h+kYy_E}
zO0ZFIz+_n>`FD)-lpy3GV3P;G#eUfoTB~`NY%qn!q?sXOO-s!-UHi!tA{J+&%4vqQ
z*11z_b?`E-Mp`<dQD2Ip4WUv*^q{a&oF|hY6E39Khtn-sR=HUvh9*EJ2-Dz@ze{+u
z2NVu86b@+{*F0O{c_&ohTOniSAUh3?L4mlSkS0xDFCRBjUETYa8g~QGGl}7I1Q{^N
zZ30zcj!+_id!UC?G@yYyK2XGXW0l-i3WuVSJ_5vahp_m80f7o1BcVv|Vk%SY5mH#u
zgf1cw77-38x&~+fB)X0&QuhwA0Hrdo5St2-uAVj`F)Nv*(F~=;HnUbef7Bd@!kSGA
zlf=ld0RqybAVe?#QzpegERb5rbT~r}r;zz>tp!UoLDkAJr@0Z;jN>jmhE&JOL8%E4
zlAtgTDKt@vNS+v>@Z1~)@O?<Cq#yu)JAnw&RG8<TAiPyrU_>y!SHv+F@yHW^&z;Ed
z!do?kLZVdYWHEn$0_<=Y76b6bV|WjM6{R$pLKu-r;CKpW`l~E`kmz@mNm_y;0F3CV
z5N?n&g}gDi3Xjc&BKai>u(OB)02QVzg635d-qV*R8Y7H*o(EELwHH9u1hFH^0G{A@
zIh9YfNmQ7MQo)k#Skr2%tjWCa8Jc2G0GdQ1>3=|D;ba(;p|YJ+IY>eH0K(yrsTvB*
zg8=e>Li2)%%)lmuF;K?m!gy6Jv(3mx5T>G=6i3X7cu7I7&{S!RIJDm=fj@-_V<E7a
zP%#iK;>Q;<DpHduJw@CiD~x`M1Q<sI)9s-XC!$&}(dbwe9^Jv?*Gg%u9EAZ*Z0rjU
zW5Xuiqxn=S4y2%{j!^lBn^3$0B`G+F7c6N;KNX&wDk8)uf`Quv&@KcqYg|rpRib7o
z4RC`LR}|(7NTh8DHqjItmPO%NK9IH*5#=h#wFVgd+N=%2lr(?R^->lHR?|dMmKu(=
z*2k9u087>o2a^CuEzT=6G5H+Jw3`~hNF_sknIgh8IPYf9i^wGEvEi1KPbw_se~R1~
zgaw+&xFlAS(1apMQ^0>A$h0tm3^O7~@|s7qj}9w`Ol*pyd!Za2IO<JBCTUQ?m=ewd
zK_Hlg!sXFK1sIxn*Hp#-2F}{HI#!N1Zi9%D$tpZ*0~}XI;aPjaU;)E;)HLB()C4!Z
zOf3^Nm*$e?VO1nZhOM51Fr{N@NR#B?YS~;=T74IUg_r~QrDO`R@oNN{n<&v5CNq74
z2UCbJDy)<l`c9(4(@B(6H5S$ZBkI244l+WfcR{9%H*g6XfX-FbY4)*rATL;(mH2*&
z;6m8kZ48X2{BgbLL^33L6%K(&1gz6i=!aY^f(*U{+omYsOHee4%=gWJL@_7rk{Uot
z1ruVirVnTqGt`)ZxCSD>4AQ6=A3yKf6KIrO${LIEs~=6z&!K#06siU1O%Nj@9|oy7
zNY!~)s9@L>#VbJ2k;BMzFf9GU?Xg6FT%y9-hdV<WOXI1jXe>d~Ds+;HV0tPM<e!M3
ze@`^oH0{&BkU^NHrZ||GUV#lYCxT&?rt7a{+x!KSDWo-)Y_5<X<50lPUkZ;-ArN-}
z(A`V~V}TP?xHZ9|f>9(Y;(JMqkK=Yy3yK~gtt8zTE0{kioQb4b#jz+(>Y=E3Uq9Fy
z1=K1LRWNv46%T9V4)jjP^e<JSP9Jdrh>A?KHv#xc4Xu)>=|X3A^9Ec|@q|@r!BSKh
z2n8phQe=D_FddZeM(zsUE1WJ$`BUc8GR2<4#fjYW2PS-R9eoOS<q#FVCZh4c;J7<P
zP>CpjqZR>DUPUD6R{@os1e<+`;8{=t7ew}X{0TIDgD^4ELa+g!g47665oRA1Znsk;
z+VK@&{G5n00<6lQX-MfvPp6^)a*mYA5LG-7Q^ujhK8KVCr&O9us3b5<;jw&H62L^#
zjDeX96~+XKs0oJ3C85pb3RM9&lOV^ZAh|whn5DGefYgV9tz@Z`&0r>9CebV)Mj=q;
zCxz!YbE8zrLP)f5QbZtP*%Ydh?Oqlri4@AD=SCACS0<XrjFj`FUfm$#tgyn100aqy
z6MzuP@u#qoV#?>?QUtYggh~uSw^Eu+WSUB4C$v*R!kF`vDk=~unyfh@Ys}qXwQtaL
zZ>2;c85}2U)^uZpc$D9;+AfW}Q$eL8(!)k%wGxoyg8)=WePfAYvId2I#3V>cO!!j@
zGSpoWRGJbM?j(}I;0Tb8<E4}=&xDpK>JvJWRE*U?CY7jif{C_|CBHW<$h%Arps>nT
z@GwF|E4-FFNc)2XACO-t;)+c?Pb)R=+%8^>oK{5aLE#1q#YCSS0kAJc(9D{aT%iov
znhM-}0KWpMn;@ni3KRKag_u0741yNG`a77$s8zoGiwdUEs{lAk`I&JkU&3TD9ijLW
z#p!mjZVDyp{t3V@CDg7|Ocx-!hN5F77{#_KPZ<SiEOSX{Drlp}D4zv%g()>=P=ucx
z=Zs35DU>3OHQ`oZrA9*6LcqePP|4$xC?o`&cf=G<BqX6lJPI-d7b3D+;Aw^^r4@wm
zOiGwjMc&QO5~&g#7gYR{n0bf+K3AfedvJ-M_|S}x^*5e~CRpRf2eO?jJIE$0%jTrZ
z{NDOb^`F^9#VbfrpNW$nBm%ZTEQFRYUFpHGWV?we(s6_22DupwjvvP5yr<^MX22$2
z1m7})yg%ldcz&aOjIARx#zi%R#<{@OIp&R-I?)Tg5c{$@ZRr<3dIP{J11MDHviu1m
zOM;|?gej49aW{xAw2AUwPz&;`0yS3)uTZ2M2iPA(`Av{Ku?#@^sORMK7da-4!8`hJ
zB10=_f}{(V&AAZMQfh3v`&{&*J5OorG(c=i%_HwbhF~ofHoLW8O_nuLCbJWk3ii^-
z1}N17Dj`^pc_YtVY#-Jx<|$2(P8$N0RXoMAm8s}OHni6%P4IMKn~w?J(h_hi5ShjU
zL8?Kq8lk0X3MoH5B0~AGTpf{3q(f{osyMGoWU5T5n5+cKCCcUs|It7CnFmWcy6;xH
z*e43R*+=X{?1P#HyU0Gx);p(Jj`Jk5=|ZMm^sFL%e26~GNjIC*0{@2!YO|0kR6->#
zF3<0Pc_J*CLS92Bi1Q$g5fI}a5j5vYEz!&$3fIY_b9}I-VhN3<Z@%!r^@jo-FBaE$
z=k}D<o%z+ldiIljKK4j)1G`sgVxMtzvX2&o+0_NZ?9ze>w$VPN3Eq?@bhCzeOeUQW
zGzAdMrvQrU2v9U9^M9*sGZ5(<idJLe*aV=m)OR97nTTkbm;|LK2n<thUtudISo#(Y
zhi#o59l5QI!A}PLfd}h7zK5#Zz8A~uJr#$m>jOuQxfm&}WxqP?W<NaWXMbHBWcMi{
zcDtj4eazm)wiWcV%L_-?2MQx>gQn@$IW?`Oo7Gq}sRsZy=e%J~vkkwEM$PV01R4tz
zq5;C{Cq6zxT{+>o<rR%w=Zzta*{jCm#okl22BaWniA<!L83aUg(#d6s1`o6$Rdn1E
zrV!hDdwa9GLOr(j*3R7KrlxHzt$_y{f}S7we4gDdSN*T++%@5f>Z))_MeSUExrhC{
z+|Qml>|>AZYi18Pg6wmSHg=;u#J1V{*cQ#iZqUqXj&sV0K$k|iC92?TV?~9}77Hk{
zm!S@IdHPhg7C`9B_`7bNi)Rc!QD0I2ZzT{}npc<_Kq^_xXr}ClsNzv>G7%g&)(<GX
zf!Gka9a+5gI!RM#WgF=4vGs&IHgtwMH*~giZEyCs>}>FQ@A7!+AN07~dydt*ou#$@
zP;r&-%<sxQXJ0;8%YJgOjy+yf&mJH__NR_6wnG!Ps|rTh=E9R~lWtxent9b>56y?m
zDw;J+ZI<EN>4LMQ-PAZp<P^)XYk`GBd#wi+%0leo>jE-kKqDy;uW><KEKe#4m=eIm
zV5urFw}<2#h2JeGQ-;V&%$UNp*uuSiIh~>Ijjb&mcLoE^5BWR|kJQ%to~x|))*Pv=
z_Z+INWsZsp_R7&?>}Lm#vB!&D?0(IsyWJULHx~A=YYUFE4;N^`gl1wda-1}P+H75T
ziu6%&y6~OUPI5YW($2RG+|3q`vl$xe)bi-w*jTyUrcEJH1rxheCLBB|LoG>U65Up6
z)l%fhK!-HF2ZF^lul;>lUELvDM@Q?1=9b{~!AAdfZ$rb~ZeQTJV=nItWwq{?N~`K?
z4ph_*?kV@5{?%bG+kL>t9^V^eUv~!CmkOKMr}8`5@8@ggwQ!8(YQEfh#|+zGpV2g&
z=3^Nrt_$Bn%*UFJ`dBOT3U`|-P3G0-LvRT}eh1AAHeD5oib1L&Rm_w~5Fl2HA@F@D
zSTb8rPmis&wQXatu_-U;^WPnGdA{bU_ZA$h^%R%Yxu^Elc-fwE7klNfOVe~-_C&Fd
zeajip%xfF_guO>IuY+0;G0t-BlbT<r`*gGH>OEohn+iV*1cG<)zVlBG>Vh?s3^(u!
z-Jq}^Vsqwx9$}h6*^8-#QgJE(LXl{aoAHpy6`oI9|MC8;a9?jus4KLwy{&C?V?*#h
zkJtBTmD~GFmCNgTv(D8~T3xH3Fng`Ej{WSQn?1QVz`mw*uy2uiR#e{{4h7q`^7eg8
z$z*sPnJ_XC*^Y%35IDhvt@vMahA(GZHoL0@M9;gfTM9guqt{r(yByJ~%im)}%mgZ@
z0h&~xG8jUE>I5nnKp+5Ic>@G41i?b1*X|x$TPVD_xutb`Q!w!HmSDp}4T0d#Yh8ht
zYU^rWuJ*cL_BFNK)!7xc@%HhZ{X-QWb@raUoD8vx$)sjprwo92ofbgoFh(>HpNOw5
zMXyURin<E5H+($<a+x>MV>ajf@{NhUcP<WIQ3XtU6#k#03V>6f8Wm+Hq(~#{8b*cZ
z(-t1+w+;6Xq3<alSiJO&<`dul?XkwQ|5Q@Xp4I}12Q~BhIY$S(Q41or<&Uz<>=AZ}
zwsIXOW8knF&8sd6ksgIAbE_IVvy@Xt0HH^&IgXex#s0RGgI(5MRtGl8IP7L8su8Sg
z{5<us-ZKI0>9=(@wC`y41)p-)`<|)Q%<IuQSMWe}?LblGG4`9%TK3Ne>)GG$^{{U#
zLH1eA#Qu>z#ICa+XIE-|-DL$MY?J2Ktv7@&3W-E-&J?pLC!=XGWj+R*ENQc)#Qs7;
z{#7&+TXw=nDx;I(na~%MkM-{Qa|4=*?XiWr+BUSd1+Qpo@_*9nZ@ASLXnd*O9r#6M
zt>@M98dvaeW$k1^h3CvGr9SqLC4Tll_66BDi(A+i>`m;p!gjVjzl&XAKfx|`>M1Z9
zTWYKnNl*H}WoSK{0hP?jHTn`&Vu~xks}B+B@z{Pqa^Z|ATtmOEUyEM*azdeSZfi^9
z&X$J2*P8r+-2tz^xVFw+QdV78cA&-^DXjFeSC4wwKOOL}r}z5VcZiRD$=S?q(uD4M
zdq3M^A7vLiwCGh^dRD@=oPSkg+6{^<B{)P0MB<_%w4cbBVq#(tW@bxcHe#?ZtG7R#
z)!EfyYi)0_wX}6!(%9H^Wn+W?`hd^(bgkRBtJ39ty|mula<IBKysxr`y{?(p7Y}*a
z)BAkv+eJb4MQ1C!$=<06-2mIF3EgFd5w@xDq>+EM=~;=QXznwb{#r_FEyS`8^9kv!
z*y|-fZk1531RL4Q>9n}$G@%<ko2=e<UPfcR?;==RdsnY!UOP6oHa6xp`h7cte*cSZ
zkN>r5S72XNop+|JvSy~JtXln#G8g;lVITY315NBZN(;No-oieu3Ed3^-R!D@0k*kt
zlx-kWTGXmzb<;);R*zzBMk;G2R+t%0(A%7+jL0-Qrk%1^CG(feUo3^DLnC@pUr&`8
z0S8?Lnb@@V<`qN*t34xF=YhuSJ8tXm8?tqU`Zlz-bX?Qe)bN1UU;CiPQ}+v(+oj2y
zyP~AZH|RVTV6T<=*#AE4V$bZWXWu1Wb~kBbdG;{7p>UX8UO3J!)`AE<4Yr;{HQlmM
zIF~9(;;MyXn#zb&my`H&v8t2PQS)bL$|z=M(=}E`u+IOjZy=l%>h7><5tyyDrG0ZS
z*mPB(vEkN0z`x7w@;qBn=Xt)g-V@kc>*}^2tC{<MW!3CoOKRD!z4h#ShIwsgd5&Io
zgBHDRwU4kZnx@-SIKeKm&#aWA>)4tzn)o*~o^Do)<_%%e(_&E|c**x$Fa(Qa1nUBi
zVEe*Zy<MT4P+LoGOH*J+gWtc??e>4(<MF>*UGFKVc6%1eYU&n>Dry&gebmifIOJwe
zAM~@o*c)VDCR+4b(8B&Ozn5K|e_S)K;|5$}Gc?&k49wNbkxs{axu^*>G}fCni*0Qg
zxZyu3Y|>}z>FwUo*&W*0-r2mRsoDSSfZzSy`uh4u>OH=)idt7yNtMf`RC(BMG@tID
z4|~`@?Dw&U6(76b9$>fI+u0u!_OK5*M%X6jgkfGUa!j*Z3fkEI8rPYQOjMZJR)N8N
z16e)cK3jWRr>(86bwgv5|GEahXM01y_lVo;+g<7MJYQbtsykfcia0B(27g;#qeZXv
z><9b3M#=h9`~9pu&|1?MYTuZ-nwd@Buj}i}3ib5mw1v8_X>Dn~G}sWh)8h+%v)<qQ
zdX=~N4PT(;)wb5QZJ8^T*)m&Z%WRn~vn_A`A0?C0VR4fz`Tzg`07*qoM6N<$f+OS6
AFaQ7m

literal 0
HcmV?d00001

diff --git a/Windows/ActiveDirectory/package/manifest.yaml b/Windows/ActiveDirectory/package/manifest.yaml
new file mode 100644
index 00000000..4a36f948
--- /dev/null
+++ b/Windows/ActiveDirectory/package/manifest.yaml
@@ -0,0 +1,35 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Format: 1.0
+
+Type: Application
+
+FullName: io.murano.apps.activeDirectory.ActiveDirectory
+
+Name: Active Directory
+
+Description: >
+  A domain service hosted in Windows environment by using Active Directory Role.
+  May be clustered by combining a number of secondary domain controllers with one primary
+
+Author: 'Mirantis, Inc.'
+
+Tags: [Windows, Domain, Microsoft]
+
+Classes:
+  io.murano.apps.activeDirectory.Host: Host.yaml
+  io.murano.apps.activeDirectory.DomainHost: DomainHost.yaml
+  io.murano.apps.activeDirectory.ActiveDirectory: ActiveDirectory.yaml
+  io.murano.apps.activeDirectory.Controller: Controller.yaml
+  io.murano.apps.activeDirectory.PrimaryController: PrimaryController.yaml
+  io.murano.apps.activeDirectory.SecondaryController: SecondaryController.yaml