From 1f1ebcedb80e1a2adfd0df16f714ae75f2119766 Mon Sep 17 00:00:00 2001
From: NeatNerdPrime <neatnerdprime@neatnerds.be>
Date: Sun, 25 Jun 2017 00:29:00 +0200
Subject: [PATCH] Puppet module update (#365)

* #347 - Fix for debconf validator pointing to wrong file.

* reported in https://github.com/andsens/bootstrap-vz/issues/347

  flake8: commands succeeded
  congratulations :)

* # development commit

* trying to fix the packages install with a forced apt-update prior to
installing packages. should fix any issues prior to

* # dev commit

* Trying to parse the commands with a chrotted log_check_call

* # dev commit

* "TypeError: sequence item 2: expected string, list found" , trying to
fix this

* # dev commit - changed the way local packages get installed

This commit changes the way local deb packages get installed.

* rationale: a local deb package mostly includes a deb to configure apt,
e.g.: Puppet apt package. Therefore, after a local dep pkg install , apt
should update itself to be able to install packages that come with the
repo's configured from the local deb package. This assumes you install
LOCAL packages (deb files) first (as a rule of thumb) and AFTER the
REMOTE packages (you include other packages by name)

* reverted command plugin tasks code

* # Dev commit - puppet module update

Goal is to install a puppet 4 agent on the bootstrapped image

* limitations: Only for debian Jessie, installs only puppet4

* # Feature improvement - Puppet module

* a new way to install and configure puppet on a debian jessie
* only tested on debian jessie, for now it only installs the PC1 agent
package.
* future endeavors include all mentioned todo's:
* TODO: plugin must be able to install on any debian release
* TODO: plugin must be able to offer choice of distro package or
apt.puppetlabs.com package
* TODO: plugin must be able to select release version package (vanilla
or PC1)
* TODO: plugin must be able to set up a puppet SERVER , puppetDB
optional
* TODO: plugin have proper linting
* TODO: write test cases

* # Derp commit

* added project files in GitIgnore

* # Dev commit

* added release detection and installs appropriate package.

* # derp commit

* removed unnecessary class parameter.

* # derp dev commit

* add predecessor to ensure repo package gets installed BEFORE the
agent.

* # derp fixes commit

* i must use info.manifest.release
* a little bit refactoring

* # derp commit

* fixed correct predecessor

* # feature & derp dev commit

* added feature to install puppet modules with the plugin

* # Version upgrade commit

New puppet plugin module update

* Plugin can select proper debian release package to install
* Plugin can install modules directly from forge.puppetlabs.com
* Updated documentation with working example
* Limitations TL;DR: agent software only, PC1 package only, Absolute
pathing, wheezy/jessie only, assumes production environment for modules.
* Several ugly derp bugs squashed.

* * PR fix commit

* Modified puppet readme file as recommended
* added small description in changelog
https://github.com/andsens/bootstrap-vz/pull/365#discussion_r101378921
https://github.com/andsens/bootstrap-vz/pull/365#discussion_r101379039

* # PR fix commit

* Cleaned debugging leftovers
https://github.com/andsens/bootstrap-vz/pull/365#discussion_r101379293

* # PR fix commit

* Removed todo's from code, creating issues on the project issue
tracker.
https://github.com/andsens/bootstrap-vz/pull/365#discussion_r101381742

* # PR fix commit

* Moved EnableAgent task to the bottom as requested
https://github.com/andsens/bootstrap-vz/pull/365#discussion_r101382775

* # PR fix commit

* Removed gitignore file, I have absolutely no idea how that got there.

* # PR fix commit

* Fixed several TOX issues, it's all green now

* #MR-365 - dev commit

* first try at installing agent with sources/key injection
* New tasks in puppet module: AddPuppetlabsPC1SourcesList;
InstallPuppetlabsPC1ReleaseKey
* it does NOT do any checks. it assumes the url is correct.

* #MR-365 - derp commit

* removed some unused code in tasks

* #365 - tox fix commit

* fixed several tox warnings

* #365 - tox fix commit

* missed one line...

* #365 - tox fix commit

* Noticed the nature of the tox warnings of 'undefined name', fixed.

* # 365 - Task order fix commit

* Some tasks had some invalid predecessors defined, removed.
* when running a test manifest, it fails due to 'NO_PUBKEY
7F438280EF8D349F', trying a hacky way to address this

* #365 - Puppet module update - install with source-key combo

* It now properly installs puppet agent package with sources/keys
instead of package
* Tox is green

* Delete .project

* Delete .pydevproject

* #365 - Puppet module update

General puppet module update.

* Fixed several issues discussed in the pull request.
* Tox is all green

* General puppet module update.

* This update allows for the installation of the puppetlabs.com agent VERSION 4 from the official apt.puppetlabs.com repo
* Allows for the installation of puppet modules. Useful for masterless setups.
* Puppet modules you declare in your bootstrap-vz manifest are installed with the --force flag.

Limitations and gotcha's:

* Only works for Debian Wheezy & Jessie.
* The Puppetlabs.com agents are only released for i386 and amd64 architectures.
* If you require the puppet 3.x agent, you should not use this module but add "puppet-agent" into the packages list
* You need to add your own puppet.conf file to fit your needs, this can be easily included in the assets directive.
* Assets path is absolute.

* General puppet module update.

* This update allows for the installation of the puppetlabs.com agent VERSION 4 from the official apt.puppetlabs.com repo
* Allows for the installation of puppet modules. Useful for masterless setups.
* Puppet modules you declare in your bootstrap-vz manifest are installed with the --force flag.

Limitations and gotcha's:

* Only works for Debian Wheezy & Jessie.
* The Puppetlabs.com agents are only released for i386 and amd64 architectures.
* If you require the puppet 3.x agent, you should not use this module but add "puppet-agent" into the packages list
* You need to add your own puppet.conf file to fit your needs, this can be easily included in the assets directive.
* Assets path is absolute.

* #365 - Changed the way trusted keys are fetched.

* @andsens is right, keyrings are better added by injecting them into
the image, removing the need to install package 'ca-certificates'

* * Added new feature: puppet module version can now be included in the
manifest.
* modified manifest-schema to reflect proper module installation
* Updated documentation.
* Example manifest added to demonstrate changes
* @andsens is right, keyrings are better added by injecting them into
the image, removing the need to install package 'ca-certificates'

* Fix several requests

* Example manifest moved to a more suitable location, documentation
changed as well.
* A bit more efficient programming.
* reverted file_copy to it's proper state
---
 CHANGELOG.rst                                 |  12 +++
 bootstrapvz/plugins/puppet/README.rst         |  81 ++++++++++++--
 bootstrapvz/plugins/puppet/__init__.py        |   7 +-
 .../jessie/puppetlabs-pc1-keyring.gpg         | Bin 0 -> 12283 bytes
 .../wheezy/puppetlabs-pc1-keyring.gpg         | Bin 0 -> 12283 bytes
 .../plugins/puppet/manifest-schema.yml        |  13 +++
 bootstrapvz/plugins/puppet/tasks.py           | 100 ++++++++++++++----
 manifests/examples/kvm/jessie-puppet.yaml     |  45 ++++++++
 8 files changed, 230 insertions(+), 28 deletions(-)
 create mode 100644 bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/jessie/puppetlabs-pc1-keyring.gpg
 create mode 100644 bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/wheezy/puppetlabs-pc1-keyring.gpg
 create mode 100644 manifests/examples/kvm/jessie-puppet.yaml

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cb76a2b..fcb3277 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,18 @@
 Changelog
 =========
 
+2017-02-20
+----------
+Hugo Antoniio Sepulveda Manriquez:
+    * Updated puppet plugin module:
+		* Installs Puppetlabs 4 PC1 agent software from apt.puppetlabs.com
+		* Enables you to install modules from forge.puppetlabs.com in the image
+		
+	* Important limitations
+		* Only works for Wheezy and Jessie for now.
+		* If you need puppet 3, just add 'puppet' packages provider list.
+		* modules: When installing from forge, it assumes 'install --force'
+		* modules: When installing from forge, It assumes master version on forge 	  
 
 2016-06-04
 ----------
diff --git a/bootstrapvz/plugins/puppet/README.rst b/bootstrapvz/plugins/puppet/README.rst
index 530694f..86c3aa3 100644
--- a/bootstrapvz/plugins/puppet/README.rst
+++ b/bootstrapvz/plugins/puppet/README.rst
@@ -1,16 +1,25 @@
 Puppet
 ------
 
-Installs `puppet <http://puppetlabs.com/>`__ and optionally applies a
+Installs `puppet version 4 <http://puppetlabs.com/>` PC1 From the site 
+repository `<http://apt.puppetlabs.com/>` and optionally applies a
 manifest inside the chroot. You can also have it copy your puppet
 configuration into the image so it is readily available once the image
 is booted.
 
-Keep in mind that when applying a manifest, the system is in a chrooted
-environment. This can prevent daemons from running properly (e.g.
-listening to ports), they will also need to be shut down gracefully
-(which bootstrap-vz cannot do) before unmounting the volume. It is
-advisable to avoid starting any daemons inside the chroot at all.
+Rationale and use case
+~~~~~~~~~~~~~~~~~~~~~~
+
+You want to use this plugin when you wish to create an image and to be able to
+manage that image with Puppet. You have a Puppet 4 setup in mind and thus you 
+want the image to contain the puppet agent software from the puppetlabs repo. 
+You want it to almost contain everything you need to get it up and running 
+This plugin does just that!
+While you're at it, throw in some modules from the forge as well!
+Want to include your own modules? Include them as assets!
+ 
+For now this plugin is only compatible with Debian versions Wheezy and Jessie.
+These are also the distributions supported by puppetlabs.
 
 Settings
 ~~~~~~~~
@@ -18,7 +27,61 @@ Settings
 -  ``manifest``: Path to the puppet manifest that should be applied.
    ``optional``
 -  ``assets``: Path to puppet assets. The contents will be copied into
-   ``/etc/puppet`` on the image. Any existing files will be overwritten.
-   ``optional``
--  ``enable_agent``: Whether the puppet agent daemon should be enabled.
+   ``/etc/puppetlabs`` on the image. Any existing files will be overwritten.
    ``optional``
+-  ``install_modules``: A list of modules you wish to install available from 
+   `<https://forge.puppetlabs.com/>` inside the chroot. It will assume a FORCED
+   install of the modules.
+   This list is a list of tuples. Every tuple must at least contain the module 
+   name. A version is optional, when no version is given, it will take the 
+   latest version available from the forge. 
+   Format: [module_name (required), version (optional)]
+-  ``enable_agent``: Whether the puppet agent daemon should be enabled. 
+   ``optional - not recommended``. disabled by default. UNTESTED
+   
+An example bootstrap-vz manifest is included in the ``KVM`` folder of the 
+manifests examples directory.
+      
+Limitations
+~~~~~~~~~~~
+(Help is always welcome, feel free to chip in!)
+General:
+
+- This plugin only installs the PC1 package for now, needs to be extended to 
+  be able to install the package of choice
+- The puppetlabs agent is only available to i386 and amd64 architectures. ARM 
+  is not available from repository at this time. If you need to have the agent 
+  on ARM, you need to build the agent yourself, and install them through the 
+  ``packages`` section of the bootstrap-vz manifest
+
+Manifests:
+
+- Running puppet manifests is not recommended and untested, see below
+
+Assets:
+
+- The assets path must be ABSOLUTE to your manifest file.  
+
+install_modules:
+
+- It assumes installing the given list of tuples of modules with the following 
+  command: 
+  "... install --force $module_name (--version $version_number)"
+  The module name is mandatory, the version is optional. When no version is 
+  given, it  will pick the master version of the
+  module from `<https://forge.puppetlabs.com/>`
+- It assumes the modules are installed into the "production" environment. 
+  Installing into another environment e.g. develop, is currently not 
+  implemented.
+- You cannot include local modules this way, to include you homebrewn modules,
+  You need to inject them through the assets directive.
+
+UNTESTED:
+
+- Enabling the agent and applying the manifest inside the chrooted environment.
+	Keep in mind that when applying a manifest when enabling the agent option,
+	the system is in a chrooted environment. This can prevent daemons from 
+	running	properly (e.g. listening to ports), they will also need to be shut 
+	down gracefully (which bootstrap-vz cannot do) before unmounting the 
+	volume. It is advisable to avoid starting any daemons inside the chroot at 
+	all.
diff --git a/bootstrapvz/plugins/puppet/__init__.py b/bootstrapvz/plugins/puppet/__init__.py
index a1f3765..55ac88f 100644
--- a/bootstrapvz/plugins/puppet/__init__.py
+++ b/bootstrapvz/plugins/puppet/__init__.py
@@ -7,12 +7,17 @@ def validate_manifest(data, validator, error):
 
 
 def resolve_tasks(taskset, manifest):
-    taskset.add(tasks.AddPackages)
+    taskset.add(tasks.CheckRequestedDebianRelease)
+    taskset.add(tasks.AddPuppetlabsPC1SourcesList)
+    taskset.add(tasks.InstallPuppetlabsPC1ReleaseKey)
+    taskset.add(tasks.InstallPuppetAgent)
     if 'assets' in manifest.plugins['puppet']:
         taskset.add(tasks.CheckAssetsPath)
         taskset.add(tasks.CopyPuppetAssets)
     if 'manifest' in manifest.plugins['puppet']:
         taskset.add(tasks.CheckManifestPath)
         taskset.add(tasks.ApplyPuppetManifest)
+    if 'install_modules' in manifest.plugins['puppet']:
+        taskset.add(tasks.InstallModules)
     if manifest.plugins['puppet'].get('enable_agent', False):
         taskset.add(tasks.EnableAgent)
diff --git a/bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/jessie/puppetlabs-pc1-keyring.gpg b/bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/jessie/puppetlabs-pc1-keyring.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..33a7a49381d5c3e36694600df481229bcd22f9cc
GIT binary patch
literal 12283
zcmbuFQ<SD_vaJ(;+O|<?+qP|IRob>~o0Yb08<j?-?MnMp_1eA9>e0RTxj5JF_-^Ky
z5i#S5FC7F9Aj94v0E`IK^jx4&B<Jl5?v{yUTsoWQodz1TCoCBR#)!27qwWZvAU+wB
z=`En(UhGwkAH6H)(_f`WKb;2W4$=|{(z!4*x8tH)7-?f=t-iEb#02b-t1U#FcSx=^
zb9knhE}D4D^hJ#M^IqX>z`6Z?!@=OC1C>VQDsQCy$fA`WU>U$#WQ_ycExko}jgdEi
z!%J?M@hcI;p2ixcrPm7>>&G|D@lH<4Yg^Rl4P17?@;WGiN@%zGG)#w<CvRou5ShVO
zm^OlC3i2y?N*@lA8)f4<KJHvl<b#@CHDwN{p2`c}E2E5ZalQ;!s@);Bh&{fdv_qCW
zDt$NY>zH+X@5QTbOXZzD$=7gI237U$v>o)UY9F*sdX+(ZYrj<Ki%r&#ydmnHnUSgz
zxJLOU+CYE2ppJerG~c3di{SBYlvTYYMmgLg7S?G|VThzg`wUi{k{epXZqFrB6viTt
zZm{#MMCUg?lpi1Za%)OM9D9wwxL7#D!unfx7y<B{<Z`y2ePY*|Z0<LFEqKwQ<e$rE
z5JNhCF;eJA9U;aby*_u%$>{cR(QHbr{rodu8V`nfT6f;fwn;fLa7w2o!elac?nt*^
zWUrCUGI03X23F=$SAVSmlll6^A04i}!etk4|73;?C5_}H@2e;0^gDWI9G~?RdV+1R
zXg<8pABQ1V1VRD^0&WynaJI8Ebt058G;$<VGPN=_bTlQDHgzYY_#Yl933<$IzS;`d
z{o^~U-=EPL+gkI51LFb^fkA-4!9Zl#d&PjDp%96*J{0y*?U-s%Ac695V)z_)^Kdas
z#vxShjz4R3$h}?G(+R4IFtHB%9UAT01G2B9^2PPqvR$Ck_?aq!1rrCe6qPE4UzBnR
zEdf*qQ$R1QFqcH8q8=c4(My$8rZ3VQAMDCS$(^HQZGeMQ7A=M-!~#{4n?z%SFS4dU
znLe?!KyCO=e)5!50~qP>{k{!@I`Kb01b$k9=~Ur(WbP$#N7b9t_RAd?L+p0Ge+BiV
z=c&i)=t7{9uRalgwUw*v{+TR!j>*`HqRhi5L3;1`&WM~*s8ncB`#ghEs<y0`myhV;
z$d_yk72&Pk9T9F^rwp6URd|F}p1<!@@KFy#W2dT+!U2M`3GfRC`EPj?_cx~h$RouJ
zld&Z6viBT>@TthAkKn`7E>U*Me89|OC&52!kwwd0`xMZZSm)XRFWhy`+vKVxYqoGF
z*3`>b%8;l?hJaP_?!N$cOVO3mY*m~WZJxX}X`(d~Ta72b7r6jyeFq7~MVVVHW3*rs
zuFrM7<wbgUH+COs&WKiEZ>^ywUOBhkpDu1ov*2e{U6Kebjp;p~op8?j!OuC5*2yrn
z!-MR*HzYlh1VDQ}(1&sM$&DNbqOXh!ALtls9_|ui2#beeYnphyY&8kb@q=G6P>FJn
z^$OIaY|Uy9E&-pFDW4Ln%{*|K_y~Y?bFe}6%Up3Kg`<^fEgH$F7-(%rs*%4&6_Y8R
zRu?=wP8aJS7si)Pdj~n}#|dMd%%|mf2!S6NpujSQw3F(SsTATf!;-VR(LUgKo<B3_
z^BF~5r!y)x50ecik=T8q^@2Y`YWtWJxS1>^qs(Nt<%;-*c?^7z&r#4(Gj$=&2f4O0
zaPNr=Q*u;NrGfQmog5%y=*OdbO5V-1HUw)d$c|S%%_BHUd9A%Y8lIDU)MWDT%ZUKP
z)l^31A_(@{!9^z&FQ*}@!i)82%Z0;(nrg@(Q%*am%9+An5Sl=#G?=`~V8Y(RmHwiM
zY%=0uoh1n>D%p3LDKMK9g1+%f2R?E}$bPlrEx*-gRiAufUWi${6<*~bahn&8tK5Zz
zQPyAffc!`GJPVxsv4;-I(t08o9Vmtd!UqcmB0dW_@B|k1yOZ)fu=3MvA>V1N1_@`=
zdo(d>Mv<rX`o)80Edc_newkVStTj?Lkgez0MobFFN4?FCQW&fe$~E;jid`n8p&u;D
zIU#gygO^N2B?W-H%%4=Q{89u<<eG5MQ@BHIs*{n6GqIZdFP>=g*dwuxS8or?Tp6bp
zUuPQ+J~VY~NE$%F=H%iIr{?G9I*d;dg9=5-=x7KcMm)7RVUTNCQ5(uefabBSsc9$i
z#9Ut4L#Ow3MGXsWEf&Icz7gNf0IWn;;&&kYk%G){<WV)xz_p#Nxd1ynHSJ<mQYv0F
z{F<nbex_si@v+>D0^ME9sZBa?LWycd*fAcun^a5)+Aew%W67kzoL?6sjv!oaI3xn%
zt~&Z?u{4Q;msPt{I+`q=_i2{N_j--<a~uk1#!PhwzR>eb-F{CjW_BwzSr(=rd^~bc
zc(>B?o)ZWE_$n@O)z)Mf>n@05fb(P#+CAE4nzt~aECu+&zvFWG?fA!s%Nj~%@GSn7
zv)s>h5k9J2ZMusAm-+jp*i{BJ>!{#z>62yw?S+FmMVeEkgF^7Ht_PCpQQv8>4j___
zgF>gV3tUAX1-Jw8Fg~PZ3GXbuh`!^df_CgIX5-&b$p_CDzrVhS(UCq@m&D2S5Eu<V
z4c7g*+#y^76NS)ViQkGB@LIeI2jK&t{BEukAUL4lFi?;XpdjFAkRVXdFaUHAP+$;z
zU=R#HFcA5h{TDDO7zrk>KL$cnX(^CiI%j~SM0m%4aPZw7QKbY)+>Ed-#Z7Q4$n|Y2
zh<dq1t@vdY0`{xbBa}*5@YQ-<EeZr?ieMBhnlZL8lnNbTO&*1IdNvsHVs62lP4t6!
z?aK<d<(S@;0??Uz)YCQ|4xgD3%I?HoKFWU34oyW5<x~E&AONh!w?*&m`A63z3ES|{
zS{R26H=4+n8Acbm6u;ZoZigPUjUvV9Bds4lU3!Y}<D~QKGkAP9qGF>ErSp_MfWAna
zR5*L(MzKUiG^=-C`+Oa^?+jCKQFlb7oEnXIK4B;VRbV8~@;H}HW|OjCC@+*hO{ev{
zty(dK!vecX9s7_Y@&1_Dqn<cBIBx&Bsy>tHneC6~gc7NyldG^o8S=_3ul4g$SyA{3
zQR4jeic6;f$_J4gw;A1ctA{N*%ERqVr2qyFqRX4rBNe}TvO3qxo=-#~78Z$lwT&U0
zVi!~1yT)^xd|8SBLkH`)7M0Nhz69Cj;pCKB75o$jkGlP8Y0bu$Jefd58Z7OHzhZ0W
zuu`;iT>5zY<5vP6q_jlza5)AEpJ2YqdA)`#L~yJe@^{HK2O9@i_q@xK{=@(WwFrfk
z{K<m+&fAirj?=?g!1qupe-L>qjdE)y-6?!>6cPEudj-;VFbN0?qt}VfozIM1|HITM
z({YMzqYKXBLffoH2U4cZGY#9Y+D@$C|2EK{>D(dk+eTnep#9%~{zo(Y-9T8D2%lzc
zLGPzHMII80Isu9%jL5ea%ul`&AXYdIrMO!*>v}o;GfDXUpXd6{_6O>M5W=fhAWgx+
zZVfVXs8J8}<IGir+ti~%n$cxz`H_m}eimWbIS=m+y?Q5i{>57`J{9z^Z1E>PX5)&!
zxyV)2mGRLJ3#*fe>26$oi)$EDjUa>r-+HEP6+;3kF)PjR;%d;bW-c$H)<LN*Nrd6P
zzBp^cl(3tszPGM3WVSW*kDy|3#c`f??kl{8-==4)!xJyBArLBIsdSt5Q#(r|#tdR|
z*p6c}(!K;qx|T1A-TF{BwrrF_mB-+Em}Q33Y-6%dBStZzZp?EM-6}FY+Ys$<AoyME
zE2LSVIPGPsEn;vr#QTX4s_n(6^#R@DoRG#Jg^U0bm6CO2?OgUHP^e_)vSGN~2!6YD
z2qCqLYY7wt?;1Z~$2_T>MT|I+N>`I$(0283CMw4=R!xBW@y^LAC)vR~o0gYso}^(K
z;Jnq(NY;bU^QbBu&KV@!pK04fjvJNAvncAb%-~b~Q`+)2#WNV56Y(QjRzQwo7Aaq2
z5d9Q@1!m(1(5umILS^!R{{DPmj*q)$_aSSbGAV~M(#BTCPOSqy&S`PA!AwI14bBSp
z2>XTN*x?cfdac*Bk|WM2no-=2g$=P?aTPW;DJtPhNOSSH8{SmHp7YLM@ecaWfKq|z
zfd6BU?{>BY%j>ADJtYtyUkU{Ik|82*Xj<#nOIc>4z8*1hLu_Seia<*RABIWXX%dW6
z`LCv+<a(c6iuF5B<{_IY-Lt5+z+dEJSD8ztU1k?CRr);5JiQu8V5BP6;P)=0R3tim
zYiJ_@c7Y~3lVrplqu8?vgeG<B=>jUQZDoz!1G<84DL-GHzoWrKd(_wQ$u){0h~xoS
zV4!Al)lMl9yPw9rQICG9jIDBXoabH>nLLgJUv7H7Er8SLJ7(ZH!FW>ED5zbXB1P>T
zCFN3i%9E;jY)!APC>cEFuLh68gXPALDrb{8j^1Cmqr2rmPuu4kgOu>RCxDpfcKf=6
z00vu{CxR!lxY=zQ```8Tzc*-g@Fy@ZC|K6{slV4(=kH~#$~iW+>(=gu$VMyycCBMG
z$`as}I9?>whCtwysjQ?<A=3wuMmwuLYnbO|wx{368Ap|0%jc?c9}2|ln)S#&`K16h
zt+tpA!(%6mpcWqI7|Vodb3%`NRM?3O1Vd;{j(V`bobz)uhGwOG&r=k~w-V=zXX@P~
zO=&n?fRLq;uigS;Q|l8zvW``XBg_h)n10N1P%hV%Mn}jQFzp(HhF~H&GUIs5sXQCQ
zv=84Nni~d8^rT`Li}7v&H#K#Hk_yF-v}TZgS7^CiB)u)!Gj(gAMP2EnuPCboPo2|d
z+Do9EXf7pCmq4tSmM4Rc@e_GW2hWJgk5xvP|Grs_ciu``vsO{2rCnfYsZ}n2!z>2H
zSr7Hmx9J^PpNty0c4^g2jAD!4{V9is^c0DSvIt2ohL~&01(#FMRQER6IGQ!-s=Q7n
zkq;i?v{S@FpS!P>v3c$JR$&Fk#}2F*lM2h-d)$}Qx-7K4dp_JZ!&)$nB-I{_PcLS$
z^tgnJ9HN~!+2sZp6aM(|os}l7U;D0h`Pc1$dpI@r1r7H&z4gP7HVVa3tbjvZH>Q|d
z%}RM_Cj6eD#1#CYrUwr+moU65kL~~#fz+e)?d)$<Df4_{mtJe2zqWm2J<g6^k;pr2
z)f`dCyg<U4Xf1T|E}SGK5llcTuf%k8u|tj@|F%A<K<xzou?GsL`Y94f^eu`V#HV7M
zEFF}-JMyOK;L1}c{W18s`byoqE?jdUm@hf+n-q6NrD=NV{V%#QSVUNV(prm6`|gs;
zZ&~<9V{r9{XlX%L^?NZvBIt@;jWQX8U`j9uSL1HHeOf%kc0-rEs`v+V9{4#O=QVV!
z)ab{qP|D(tcom5Ljw1)pXH_WHjrvTm(nZXq@!bsPEF@5p!2*0t^lXkguzQFt{Bkg0
zSgGu(*xX9z*ZN{2nR;q5EgJo=GRi8$F-&YHE2QfIEtFj`?vnjujjU;%9%VXCX6i1B
zEfFHNHk;Ju*Y?Xrzjod$kF3Z!$ttF$P*VL?s5amE6~ZH9se^lLZf2dph91*@V+%#3
z9QWUq(vG^;X7+MMk6B&}C=N>P%^VTMGLBTRRF0EiC_I4(0GoQLu8M{PHjfTt$?23~
zpU#=fUr|-BlJB;Z^toGNkwmzggM2&t;e^&JZGs&i_8slQ6_5AKh(+_#QZnH|)~K3q
zE}p9S{FpR3X`_TLV-(rZXRTku_1yt^eC`p*TJc^kp}KSzQH_g_0=d*e=v{{IU6C(8
z$S>XbVH!qyv*Tg_vcL8D$bEQvvPmDb9Sj8FI!sb9x06eTU9rHJ#vKX;lVVeF5^c#4
zXfMsC&Az|t0CDxZ3*-%yfM&R|5t6Sgoh{>nbB6Zw5y1cQ6#nd0QU9<InZ!&`wd|$9
zhLFNl;t{ZeGo!j(Xt5b}(ONBiyy9(Ht16H|GvCd6H#e;Fl3Kdu9c?20!a&tq&fHCg
z8NqP#OOBDwLt$|q2k#9qJ8(%X0pSip0T^RM&^8jFJ8myhER!_|T$Bnr)Sr(K&UuM@
z?wuUF2MK}Ri=jl$Ba~1fysFW9m48BIV8rloiSmLFnb3JJcV?DFb!2RF18lD5UP3f|
z`cKD^<>tSIb^zPv#VoQu2;q(KaxFfxBv?13d`Q<z%2&kMDe$wkrJjD%;QOgtWPEiH
zG_rqg5crOr+JkyvzJ}wyu|mS4K;d-X9hr7`K4|jt>=^S!{7a2Fk`$uQ`ghqan7^=v
z`rqk<ocT91Co6YCA!l<dlYfU7|MvVFVVIa&nY)-exc?i*0O9|gw4s40e>ZZ7zmhia
ze~Q{_-Q*L$qqYL^{GU>7eNOL%=&(}H=0pT)h-{-VXJEYU;mVI;d;)iR;-*)7RR9<g
z(O&xx^cyn!$wDCNxqOE99JV&Bu6;T+Uo*fhgw$Id`;(M?Zv$Qd>)lw79k_89Dr;`U
z%0rB$qV%0}v9umL^(yUWV1$%v&7rV9KDR^12)=o9lo}qUghsx6EX|cckB{RjOMC`B
zfV-J1@ots&VH&uhcW-IQ;As;;_$emMW0Mr-`IxdXkrZI?XeGF0&NF#di~_bJ4X9N)
zbF@4O69;qy!geT;6DMc5HA9*;TohuEvL7b;zlkWwNhJ%Tj^45ogjoFotLcDPTJ@3v
zv=L*mMt+}e5@p0<HX7uhzqWT$sKehE;UV(edM~+W?y0t_^40Pji@g{&d>O&}aS{1S
z?quLM_^CViG2NV_RxT4!O4M@`Y%R>CoI_PxUHn)?WmbYY`%T9Z<+RUFufglv^fD%C
z_%Skt1dm1j9oRq~-?c2)_DPiVf%YxqEFpPYI`C~2K4gfoLX29Qkm_57Dn={6JrVnq
z@fukwsoR?$jd@z-1UIhvum@zN*N(~dJQ2gbC5j+t19rJf*!=;!UHVnvdFGy=^)emm
z?4=djB)RKltITicnF{g=+s|#eb6eL8@BS(xsIQOi^#n16{KPa@qhcNaCo7{#$~{~V
zIf{xYBr<FULLrsBrinc^P)H-zsQmwF&HqT({;>c;|GyT%|Ln?$RD=&gUo8{&6r3Eg
zcePOvwlp6%e-Rcr(`g~PN&6|-RtXwrt*gr}vqbKR52>somNYk4eX}$m(Im?P+#vc@
zj;Ef>^_bIyYaqC*7$+wcc+mH<FP`cjag|^VNDY}8yI2D|hzG!sz@<(1ZXPz_f?qx|
z5vlNx?nelV$y&988FVa*{VlFR$Oszm$`ePagWg21ko>&nsTUU{k;Yk!?ogKmBAkt0
zFD5RcGI|#|zyOsrDsYP>w0+<jD01(|SbHX|4-k54W}>+sWW2bjUc*W_S0fN(d`=Y-
zegb<;SMHl3fYby(nz(V+VKgCzDh<|PV1@N>@I7{spBs~Q8z1KE32Jf7x6nr&Vs#B)
z)8|`mf6{>)osK<QeWv-Z98s<e%1M_klY$BNaIzpCX2Jov%GCnFi)v)$Le=HQkm)5E
z!Ja(=^9kVX<cB6IZrMoP0sWLGLcSF4WYLE$g24^Ha6jukJlkGm>4+ejEY-85;utgB
zMM~d-G51~W-hkdWPjOtb6jw3h$s!?_H$fFl_79~nc&@(`o&Rad(C@CM6MHl@*{1+m
zD)Z`fBC(|%fZ!Q5gzi!4t8<lRUQ(s2IZfu*Rr<qcc0G3SS^Y3ZHZ>~7hNGm>EWwOX
zvO&}uafbYn;YC`n@O(2rYoNTjqc&>MT(D<@xA~aO);c@C?f(wYM!gh&Poekm8|VD#
zGuS#>o$)<5!-><vLG6)(N57Zl)q9U<1?xDDsibst&gez5s$qm?Rb;Kna4pmyD8;$u
zms($O-<YxHbWIZ%yLs>~`tkS6hodAC5p=dL>C_sMcOF=FPIOj&dE#40NMJDsBwO92
zex|PWn=%00J{-nkNOw1NAXnm)Z{b3J@dNzt%%eYI7jz<fL{k{HH$E_NKVnSsnx8ar
zpx5DTYCqRDQS?F!ULx{$!$9thw;HjMr>nVTi)Cg+%SY)QiS=#GRK5p0up%L60!-}0
z>0$gfjgU?Z)c59hD&ec?pb3l+VLW8o-@I2*1>a3+Pg2a6KVBGaf{SN_e$BAI?TuFk
z#&g=av7cH8=n|p2r;c33LR<}ctnCtfjM~&a9^9R}n5WO?z2z8$108RXug{hf)tpTI
z?5wOqd>RnPmvW+FVacnknAuu^a*YdgmjJV)e^NrDe&_J&Wv}kG&ZXRUvy~et8Ae`f
zU}H06%(UOf+7F)p(NbRh3Y&odcY5#b`@wq<lCIu#$gCu+LQL6@yFIL1z<EG0y6tFX
z^J+V>$q|@|f|vX*fOR+0NU55V@+i?Cpx4cE^L`4a(`s*%xHE|0|Dx-!<FctLs`hRG
zKkSdTFa72ExWpP$<^JIE`1}zYq0qd7P~STAj1{VY`yT@|9E1#j`FqYGfZ)J_f&A_p
z$^V#US%05qv!{qa#fF>PpFd(6<k$~vE5P4A5VIZKFRO;E{5R5>a%PC~Cl9?2>U_|9
z#QfWdI_ZM#*hEYd5_<Y}=?<+7qe>GwPsasazIC3hg%Pc(F7}==B)+hr?AylX_iF8z
zvd472UBP4bMK~<RZG^>uoAynV2Z#+fdr3|Hga)Pv5z@~v*RQD1LVL2oE30z_uZ0I1
zlWu?`z_gm6$gvViV&#dBBG|s8^PqD!vE+`KeqL9vlA;24I$L!~D)Xh47>GU_cU;h=
zV%DsX%phX&tmZ9L1i}w&-$+_Y|CWi;W;hEpjvR{uQ<1TLADYr1d9W;DlTDa92Y>*q
zG`^(N8&5<?vQ8od#pZ8s#0g&5h2HvVwC_W%ivY_#ss(y&r>lw4&VXyIVNHSq*a_u(
zUnB%bdZ}w#z)7<%7$_?tNW#FHFPc}17MYBoGM>V}E1*;y>}dM<x%&6d>e^$}$P?dm
zbI!5S;~i-JWSBT%Q)uzD&&cxaFOfr)H4=3%(b9C0ZjECl;eHViqrD^9`tj(bxBT2>
zJwc2lXhN1*as;-xWA6ok3Y)a)=F<tVKP@MJfq-Tzlj*!1Fzk*4PGnp)Xu`4(Yg`lD
zgvm<1>KMK99j+jH3LT%1FRE-Qx~Zc(V6hsvkSjF4LHSaoGi0<{$@ojrOAU|^Z?tf<
zg^e@H@F#eyH<R%F4&J9WpGR6IE+-wtT@2H7<y!#hxsFw2FJ@*V0>KPQR?uOmt$f1J
z+(Z+8q^h6F$n~=)hob3V`;WxI`8B>UA^tIzFdr98Zez)|Juj#9b(`Cmn4OCl)FmLT
z7w!)Z!&Sg*-xP7>N&EHGvGrM&lb%Hk`(-4|_4VK%De_2KX;VneOvhY<?=Re!>HGF_
z@3j_ReoA8mo|zsWXAbE=#09OTD!f{coAB{G(fHOnMdEU61?|u7yD@OocT{4T-mDDy
zMZ~^K?{Jl^Vnz~fPyXoo=Gy~al0UL?jdI-|YOY^Cqg4A~?s#tY7_|vU(#km|FT1fz
zOVUe)$%nvoIPMSLE+_mYcgWyHnK8mhOxvua)TXg-NGK_}^4S6qv26Clenh2qr~&}X
zDiECzYawX<=?*b^`!-25GDda+W0}iN@h~eUpCEg9KN%-75ViHA?Ai%IxRRC)zQk>B
z7hC4L_3H&fJ3^O62Sjf@B|%OyEh4TS8;yEv9%Okd_^-7s4pyJB5cH`>nYGtyBXYHe
zct00g?805GBsQxC`-#h74P9b$hOoU5x;N{yXdg{H`ffiMde#<`s}gL4d?D~3Tcp}v
zx>wc|Wl&5SN!!flXphAMV`K4t3zXgYE0mU+B;-Q!ObxP3c;yJ^R`LTkeZv`1jc(4M
z^%#IzY5Tgrg15w9>4t_-(#DwXKOGGJ{pEMucKGYC_+M%JuY=(~nKl^6AA|h^NkV-E
z_WNIvq_1#*-&HhAF5xD^2Rn#3Q>R9#q20!_i^S^?y7u+a#X8}ZhZFf!mr}1`#$y2k
zsX7Tppv4ts7MxUdHf<mx+k+o<R()B@(&4@ZB#mJUZ+FzEBrH)Kv|#joW(P^?9c!_6
zam{<4Gsd(Xe~-b~OJe&MWgJw%v4pTyOGoqB4TtOGVtu93Jm0*pGEn^l-u(j7x|R+N
zY*J>-Lco`W`wW7*+fj+@<AWYYy2rekZ>>^&#8j-@RWwPzrnOC{f)~?CN!8+qezl*(
z$Ap&6G(|6@(a`K~K(ucN=E?tzo0`3v&P+9hgD*9rHY1-Inuiz+1ZlsK=}eqJ72lDj
z$%rZxsO5qWa5v?ULIk+#Xb!2NpD4#r>Aa6D+eQTo=b9ABARf}vdyi2nNavhI8E@f0
zDJprU^9SZgor1B<%i8{!KCxHgug+ny*G5jD0Fyfj!oAi?T4o#Sj)TCw!8*RS8W(>L
z7Ms-DU(pYpbhsVj2Efr)pk<e*^N-us!i_?J-Nm<v%cHxj;X+1<X<&T0mB&S;P4LGP
zWb%9RtFv2JV0uM>gT%6z^;ILDWWW4wnja0Pj^H*5+FfZgclE>8Gc7FC_1Xmo-{7T^
zYg(Y^LFIPYdM<O2F-{5W9_~@DRrPuaH8Da5a-l?hNOYi<8q0drAcZQ#F4}ZO@@4(9
zjKs=a7rHzw=i_fkQoY5#=FjB%CzAXw3h@S&Y1?VcTI*nPsmo2l8M4k2RrU1~^OZ@W
zCeRdJ7?AatS*K>nTH@W6)&5<H$paMrc`q;?O+qXCn|+4d=r}5h9-G6-`)qeTOD<Jd
zx1~k^e->Q`+4KNd!}cYohZrhVJp+`RD~xw>vq#ohOrs$zrKOfGc0N9KHFnvsJf0Yk
zt*smOQ4y%hLLz1+WB_Pk>chG-T(7BX=KPHOm%G+;_{CA{om5-<A%8T_z#eAAJK+3N
z#?u?J`}PQhIN`KwaL$d6qSM2XY5&pgHr=<caSxGTi>u8anqrMEv+!k$hN{~yN>gRl
zbjNA367qw%99_~@OKCMwXOgWJLW*MlB9HUR--!~I55zmJvn?Qm$6rUaU>gr<N_9>q
ztgTBBf6eIQeUkPg?{!W|+q1}F)mydK^jWA~rkSOrV8_q0IZF8yQ%~pi8D)uSURh%R
z&F?r{%np5^$_^Dg)1=OU>|Q1Cj*;XQRWKZAQ=v&8HI$|%Gx~{4p;1V9SE_io8A0QA
zj%q9zM*Z0TyPC;ei?(U+5PGonAo0$L<KT5Sto#qi?dyWgAKK#-NpmzyFW)>wlliF;
zbwLIahD3K|e$nv_D4deedJT@z!Q=62AR7jeL0s2E_?bH*WVm``Wj2ep%fC@Zy{C#F
z6<`8M&U-v*GW7PDze{87>6V+n!;HJ0$nm11mLa<T4Y;YdxaIwkM^E&NPl_K|CA$^G
zJEF!I(gu-p3x)@#^b7~-$_E8JSgIUp#*TMB+;o;clwmQ`H|=T>sbK<D;A=E{xg#lu
zC~&B-PGCJ^0jJ23RLinxhLs^xN5tmWi3J0}6<yhaJ1KC>ifh7TzI;MokLP~UZ*A~a
zbH`%a0@t7^qK`zj;L~k05#a;mD6c%{@W%dA9NUVSc?3YRV@!-6&#ZLFKy(n&6;UMe
z>DfIkD_L!%Z9!b_c&BFOa1~xctZ<(_eOvT8K+mQtO?_!!;Y{C(YtD;i3Dslwnbe`D
z7L-r}9YCY7qnf0Bh7l~Tg|zjt@$||NF?iEg6t-}vELwDO$v&#KOqjsNYi+tTfd9ok
z9=m_!X<xi9OgIU4u;zgH6nYWQ45Yyd1oITkNLwa=E=3T)ID7q=CvFMDnU#dk1b#|~
zGxh#x8df~Cx$t)P{JO>0vI9q^&9$ODGr7%!d@u{tm%=6!m#nX`tEg8sf~xNZ{j=c-
zFsUr;^H9E%>a~k+3`Q;^yap<nb36qPuhtUHpXZ`4E)5hw%YL=@o*h*)9r;<j)U{pp
z7);wxSjaiIhi=B(6bxoia!G@)A=`J_rJj4`4J#Izu>-z6##4YLH5rEFo^2;5xIw(x
zfoap&9E+lazFj_-#Wlw+IAb`JywiuiVm2r93knj%g2OGdT5~H|i*wRV@tw3nr;3P>
z37Nlw+WTUL@F>=^?qB7({3B0*sA8JR8+P;zBE+YwkDbx4en0b~uqXx2ugxaW@iZ#3
z854c2LBvTsnmiTYS*nB`*Rj9Qi{(RUg;A`|bwmIzSE_&w)lR`n5$yA;#f9@8ms=d&
zNioqMW%aMvX(5=vas^FlFiAU=fe%d4ezL~c%tyF4I#JCTu0*u3oV*N^Aimres5d!9
zm`$`nGRCNGkQ)M>PzJWr$=SJGPU6Q8u6^FfuRz2X+2H$@Oq%*%W+qGGGqD8jQRkA(
zyW4K24mg-=^NnQC_XT#`7a|2zQlU*1fyB<MnTk@0)f^PjPUCFtmlzo5Lxi=>l100N
zTdd82Qr-Er=&?#LjwO`aYVkqLP0F9E`S7m(MIKLxKl1RjTK*Cxv3}EPg#=1!3Rtrk
zcy%1xCM-xFSEls&2nErK%J~6>y!WX<&uuN-<(0>txgdm#?F5Lg9F$fT;Pdazo=&v6
z-RkJF@_H$dRYpPymN<sRaA8)yNiLYD^708|HPjh`z?CTq+JOZ<jVqkRaVObiKxIl#
zOq$s_bKm6HOF9@+$v911EycL-;7|IX0!gK}ckMyOrPW&3h*RzQ{%Wi%1p(UV7AC`w
zm!gRML@bJv9Its{Sv3zBuAHEfyDn=vSm9Ry<`Bg}P*;KJ*RL*z88~CC+CbpLoWsb2
zBDMgjx;Ap#;Iu**4vf<|FA-!5M<{TS`d&ddq?3rhv(rP<jgHfm%hLU~pMlg{Jgff5
zGv?^;X!RuiEYyVXDe)z?*E@bI(Is>a)~Gl1fu@YyP>pdC4qp+2qb$4%?kbEI<0sjm
zrAf3%LBzTA(N9RYN4D|a`aa?Zql_~z8suG!??YKNm#<@3gN75@;)deCDB{I9r%LSK
zWJPCbAwk5rgH}8rmD)YquVdkPOHh-t04#HXxIuGz?KNRy>kd!p*S`*#A8dp~VEalR
z{e<1CbPoyRek>slBFox{!n%*LsYx`SdV|qG3Zp}f8wJN%uMG8Djp*YEtS7s27~HBo
z>C!&Kn8(B@=PUJo?7#S2cOeVg2XuH8exj{S&3Y@#gcDEEZKU8VVtM}j+!EqwSBy&f
z3|dEoG)@hFBf})|R2$o|HfV=jOCsSlREw;J+}bB5nBSt#wQt4OZFm0h^<C>&h6IMv
zb9+}@ltS0cu~H(VoI)ezK(!ipSFMX4C%zuko3|_^35{^Ecfn`nL~259;Q^74DBn?H
zEOcU-&4}>e?et(7hSqdCr4c>>9@o<wbCR7dmGdQM)^tl6WJ;qa6qQ=vmBk^B${+R7
zl7W=FUU@s0K<5f%6qZhpOSq?$gMCAvXa%LJ!y>>%dt-8XI@Nh;diIP;$WBakcq^Dv
zrHKx9EZ-QBRmpX!*N#LfC;QsvJ#^@F7p6H?l=+N;YKx2bj?T8Ly$0Tc%wja`li?+-
zPqudzbNVlP{NvX8+a4`{>;a<N^DX6^o=znQ;e#x9^dJ*Ae6&r<Ws#Bz-@9L}U#Cce
zyvXwx+PrO=p01coLmi7Up*zt55t*>&DQlp0VH5vBZg{TYuW;0@&<S(#cFCKv#DM;l
z9{Ich399cm<bs6hMo1(l%On9ORT2xWni^K8i}$!2nesUZ{q00jfoKZd^`&_#Kim`@
zVSE$zF}ECGKYI{He2(5=%we_jMFXAUNF!KD__4O>w_bO><NEXB<qo_nBJS`m+<uB)
zg4b|N+`~BKFn8L{k7Zbr@Hqtet#7^2>}GmTn@JtPB`;2r%%;nlU{h6Zd;OHIXh1Mv
z$&y~gL9zoE1VOLuCv|Jij$btA`o72bdZg&R`BJCLLCi6z2y|%PRcKL}_I>l~oWDm1
zE3*n+MMRj~l95k^p=Sx!tqWZ$aR5^KZaFEl7sZlc26EF-XVpv~A^nMk3=(^NM|P5I
zaR|<le89`IxR2aL8%+ELfxCc4jPnc5gGxo#x=gV~w+nGwpw3sYRwXFub&0BG#M+>y
z6E3JMscsS6lo47t30oB=;)?QvgIlaRpoZIoC$FJ<d^ClfyI4X$0w!9k_Uso}X=Uc+
zk~)48N<ycATuuBTApJdo>&K*e2IrE}jtSsPP)X$N*-pz2KPWf!G3fRxHTm2P-U67W
zM5FAcz6pDPUqB5Bgy{8_oCkGdJCf2Ll=ojN`K`?idho10SQRZPmYX^+P9+EGrr#->
zR7q9MkL5Nro|yCXCXo>TL9wrr%k5HSU1i8xmJi0h7~IjbTXtPy)#+OXBi!&%WgW10
zhi%041JtBjn_r`dO>81q7F%spU7Jy{2sv&Xf#M+yly5RFFEma92A7E24`~NGYn9uC
z-ZMO)GRu!TCCfx3_Ubu%nYunG@)7}=Kkd$s;UbF#4xxK0?9O3AQ*PkC6kI-_zdB8E
z2_L{bd3asv@@{tlzoncOZmOtIEm>%qj@|=xzD{anh55O$)jsla3?yT%k&;F5mMlsQ
z;EV<r3l=yneYr#tt_?3cv$(<~v1wIx4?B$Gg&E`Z{hAEEYeYA+Mk98&K{KSyFZmt$
zq7gyIzPNbvF=<7z1jZBR5%Ghljj<v<0(J8Mg%t=WB9lY~6DxVfuT#djUa32n5u_xv
zKlRh;B9cfdO)1OCN`F`r&0DF=tH4;n1{YyIJM~jAcbH$m1}=<r2FC5IMNbw2h=yTI
zb$e)(bYHpqsn}d*b9dbB&?>6$p#<-qJz<*F@EvhRa`l-ykK%~((&{U@*&9gW_NEG|
za0*!I6^R5!pm(Kq0s}DAAlx_Uq!n}!xCg(Xt((vsFflKMnr*?BF<KscS!+05oUjt9
z@l?h=*+ft<MU4;nX)B$x2X*BTL({*ZJP;s+e=gFnU{HS+=|6qrpZl`)S45yrY_A~b
z`-(-D$b6>BG~SwDcpnuCyQfuwO_-F0Jw&bc;T03?_G6D2$d*9|K#*2K2}D#I+=aF=
zTk^fNh2oDYUE?giVqh|_AMs@+Pq>t;nI5i=_}O;tX-zYD`0%9~x6sKbzXa{ZCWiSY
z%1sgaxuqItIQ_8L_;z(#?!N=-V1t8oXI{UjWal-@sjC&;^sL1tn3H!pH{*z2%qz^N
z_VJSrIF||rntAD!6!cJ_Dex%-n|8W#hSone-8dxUw!y$C9@Z)}`x)7z*&{)41EYL}
zP+e+$zF>s%WmnYko{5kM7_w17Iyta?%`;@WvzWooxm5rFeU?(H+I^|}=wqSFHH8KN
z7m#6%eQTsKqCBJlI;qN=sX%?uNbOAEW@cc)f~+YF8L|vcHHkzJ!3AZRsg;^35D_!F
zl<~(6A0w50TPHJJ4ftRIfA)SPnQVZXTT+2QXdE9QTB(fLoJ^vQ4A11m<VZSM-Q+2C
zd2iwzd9s*_F4Xey7*>0l=9*^H<DR@l!74_aXM6hiRF(FjwTeThif5KcnKUak7|K)K
z`_-$MA*<*7DINSs8H!8S2OA3GFB<BCa1T+vC!T`n%RHu3u#-z^y)-%?3PR?4vGBZX
tTXm5(<a=f)#O8<kxC%R4{myz^L2Pmr{S=k4fe(5%!8L-4yoLPj{{WVdsZ;;}

literal 0
HcmV?d00001

diff --git a/bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/wheezy/puppetlabs-pc1-keyring.gpg b/bootstrapvz/plugins/puppet/assets/gpg-keyrings-PC1/wheezy/puppetlabs-pc1-keyring.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..33a7a49381d5c3e36694600df481229bcd22f9cc
GIT binary patch
literal 12283
zcmbuFQ<SD_vaJ(;+O|<?+qP|IRob>~o0Yb08<j?-?MnMp_1eA9>e0RTxj5JF_-^Ky
z5i#S5FC7F9Aj94v0E`IK^jx4&B<Jl5?v{yUTsoWQodz1TCoCBR#)!27qwWZvAU+wB
z=`En(UhGwkAH6H)(_f`WKb;2W4$=|{(z!4*x8tH)7-?f=t-iEb#02b-t1U#FcSx=^
zb9knhE}D4D^hJ#M^IqX>z`6Z?!@=OC1C>VQDsQCy$fA`WU>U$#WQ_ycExko}jgdEi
z!%J?M@hcI;p2ixcrPm7>>&G|D@lH<4Yg^Rl4P17?@;WGiN@%zGG)#w<CvRou5ShVO
zm^OlC3i2y?N*@lA8)f4<KJHvl<b#@CHDwN{p2`c}E2E5ZalQ;!s@);Bh&{fdv_qCW
zDt$NY>zH+X@5QTbOXZzD$=7gI237U$v>o)UY9F*sdX+(ZYrj<Ki%r&#ydmnHnUSgz
zxJLOU+CYE2ppJerG~c3di{SBYlvTYYMmgLg7S?G|VThzg`wUi{k{epXZqFrB6viTt
zZm{#MMCUg?lpi1Za%)OM9D9wwxL7#D!unfx7y<B{<Z`y2ePY*|Z0<LFEqKwQ<e$rE
z5JNhCF;eJA9U;aby*_u%$>{cR(QHbr{rodu8V`nfT6f;fwn;fLa7w2o!elac?nt*^
zWUrCUGI03X23F=$SAVSmlll6^A04i}!etk4|73;?C5_}H@2e;0^gDWI9G~?RdV+1R
zXg<8pABQ1V1VRD^0&WynaJI8Ebt058G;$<VGPN=_bTlQDHgzYY_#Yl933<$IzS;`d
z{o^~U-=EPL+gkI51LFb^fkA-4!9Zl#d&PjDp%96*J{0y*?U-s%Ac695V)z_)^Kdas
z#vxShjz4R3$h}?G(+R4IFtHB%9UAT01G2B9^2PPqvR$Ck_?aq!1rrCe6qPE4UzBnR
zEdf*qQ$R1QFqcH8q8=c4(My$8rZ3VQAMDCS$(^HQZGeMQ7A=M-!~#{4n?z%SFS4dU
znLe?!KyCO=e)5!50~qP>{k{!@I`Kb01b$k9=~Ur(WbP$#N7b9t_RAd?L+p0Ge+BiV
z=c&i)=t7{9uRalgwUw*v{+TR!j>*`HqRhi5L3;1`&WM~*s8ncB`#ghEs<y0`myhV;
z$d_yk72&Pk9T9F^rwp6URd|F}p1<!@@KFy#W2dT+!U2M`3GfRC`EPj?_cx~h$RouJ
zld&Z6viBT>@TthAkKn`7E>U*Me89|OC&52!kwwd0`xMZZSm)XRFWhy`+vKVxYqoGF
z*3`>b%8;l?hJaP_?!N$cOVO3mY*m~WZJxX}X`(d~Ta72b7r6jyeFq7~MVVVHW3*rs
zuFrM7<wbgUH+COs&WKiEZ>^ywUOBhkpDu1ov*2e{U6Kebjp;p~op8?j!OuC5*2yrn
z!-MR*HzYlh1VDQ}(1&sM$&DNbqOXh!ALtls9_|ui2#beeYnphyY&8kb@q=G6P>FJn
z^$OIaY|Uy9E&-pFDW4Ln%{*|K_y~Y?bFe}6%Up3Kg`<^fEgH$F7-(%rs*%4&6_Y8R
zRu?=wP8aJS7si)Pdj~n}#|dMd%%|mf2!S6NpujSQw3F(SsTATf!;-VR(LUgKo<B3_
z^BF~5r!y)x50ecik=T8q^@2Y`YWtWJxS1>^qs(Nt<%;-*c?^7z&r#4(Gj$=&2f4O0
zaPNr=Q*u;NrGfQmog5%y=*OdbO5V-1HUw)d$c|S%%_BHUd9A%Y8lIDU)MWDT%ZUKP
z)l^31A_(@{!9^z&FQ*}@!i)82%Z0;(nrg@(Q%*am%9+An5Sl=#G?=`~V8Y(RmHwiM
zY%=0uoh1n>D%p3LDKMK9g1+%f2R?E}$bPlrEx*-gRiAufUWi${6<*~bahn&8tK5Zz
zQPyAffc!`GJPVxsv4;-I(t08o9Vmtd!UqcmB0dW_@B|k1yOZ)fu=3MvA>V1N1_@`=
zdo(d>Mv<rX`o)80Edc_newkVStTj?Lkgez0MobFFN4?FCQW&fe$~E;jid`n8p&u;D
zIU#gygO^N2B?W-H%%4=Q{89u<<eG5MQ@BHIs*{n6GqIZdFP>=g*dwuxS8or?Tp6bp
zUuPQ+J~VY~NE$%F=H%iIr{?G9I*d;dg9=5-=x7KcMm)7RVUTNCQ5(uefabBSsc9$i
z#9Ut4L#Ow3MGXsWEf&Icz7gNf0IWn;;&&kYk%G){<WV)xz_p#Nxd1ynHSJ<mQYv0F
z{F<nbex_si@v+>D0^ME9sZBa?LWycd*fAcun^a5)+Aew%W67kzoL?6sjv!oaI3xn%
zt~&Z?u{4Q;msPt{I+`q=_i2{N_j--<a~uk1#!PhwzR>eb-F{CjW_BwzSr(=rd^~bc
zc(>B?o)ZWE_$n@O)z)Mf>n@05fb(P#+CAE4nzt~aECu+&zvFWG?fA!s%Nj~%@GSn7
zv)s>h5k9J2ZMusAm-+jp*i{BJ>!{#z>62yw?S+FmMVeEkgF^7Ht_PCpQQv8>4j___
zgF>gV3tUAX1-Jw8Fg~PZ3GXbuh`!^df_CgIX5-&b$p_CDzrVhS(UCq@m&D2S5Eu<V
z4c7g*+#y^76NS)ViQkGB@LIeI2jK&t{BEukAUL4lFi?;XpdjFAkRVXdFaUHAP+$;z
zU=R#HFcA5h{TDDO7zrk>KL$cnX(^CiI%j~SM0m%4aPZw7QKbY)+>Ed-#Z7Q4$n|Y2
zh<dq1t@vdY0`{xbBa}*5@YQ-<EeZr?ieMBhnlZL8lnNbTO&*1IdNvsHVs62lP4t6!
z?aK<d<(S@;0??Uz)YCQ|4xgD3%I?HoKFWU34oyW5<x~E&AONh!w?*&m`A63z3ES|{
zS{R26H=4+n8Acbm6u;ZoZigPUjUvV9Bds4lU3!Y}<D~QKGkAP9qGF>ErSp_MfWAna
zR5*L(MzKUiG^=-C`+Oa^?+jCKQFlb7oEnXIK4B;VRbV8~@;H}HW|OjCC@+*hO{ev{
zty(dK!vecX9s7_Y@&1_Dqn<cBIBx&Bsy>tHneC6~gc7NyldG^o8S=_3ul4g$SyA{3
zQR4jeic6;f$_J4gw;A1ctA{N*%ERqVr2qyFqRX4rBNe}TvO3qxo=-#~78Z$lwT&U0
zVi!~1yT)^xd|8SBLkH`)7M0Nhz69Cj;pCKB75o$jkGlP8Y0bu$Jefd58Z7OHzhZ0W
zuu`;iT>5zY<5vP6q_jlza5)AEpJ2YqdA)`#L~yJe@^{HK2O9@i_q@xK{=@(WwFrfk
z{K<m+&fAirj?=?g!1qupe-L>qjdE)y-6?!>6cPEudj-;VFbN0?qt}VfozIM1|HITM
z({YMzqYKXBLffoH2U4cZGY#9Y+D@$C|2EK{>D(dk+eTnep#9%~{zo(Y-9T8D2%lzc
zLGPzHMII80Isu9%jL5ea%ul`&AXYdIrMO!*>v}o;GfDXUpXd6{_6O>M5W=fhAWgx+
zZVfVXs8J8}<IGir+ti~%n$cxz`H_m}eimWbIS=m+y?Q5i{>57`J{9z^Z1E>PX5)&!
zxyV)2mGRLJ3#*fe>26$oi)$EDjUa>r-+HEP6+;3kF)PjR;%d;bW-c$H)<LN*Nrd6P
zzBp^cl(3tszPGM3WVSW*kDy|3#c`f??kl{8-==4)!xJyBArLBIsdSt5Q#(r|#tdR|
z*p6c}(!K;qx|T1A-TF{BwrrF_mB-+Em}Q33Y-6%dBStZzZp?EM-6}FY+Ys$<AoyME
zE2LSVIPGPsEn;vr#QTX4s_n(6^#R@DoRG#Jg^U0bm6CO2?OgUHP^e_)vSGN~2!6YD
z2qCqLYY7wt?;1Z~$2_T>MT|I+N>`I$(0283CMw4=R!xBW@y^LAC)vR~o0gYso}^(K
z;Jnq(NY;bU^QbBu&KV@!pK04fjvJNAvncAb%-~b~Q`+)2#WNV56Y(QjRzQwo7Aaq2
z5d9Q@1!m(1(5umILS^!R{{DPmj*q)$_aSSbGAV~M(#BTCPOSqy&S`PA!AwI14bBSp
z2>XTN*x?cfdac*Bk|WM2no-=2g$=P?aTPW;DJtPhNOSSH8{SmHp7YLM@ecaWfKq|z
zfd6BU?{>BY%j>ADJtYtyUkU{Ik|82*Xj<#nOIc>4z8*1hLu_Seia<*RABIWXX%dW6
z`LCv+<a(c6iuF5B<{_IY-Lt5+z+dEJSD8ztU1k?CRr);5JiQu8V5BP6;P)=0R3tim
zYiJ_@c7Y~3lVrplqu8?vgeG<B=>jUQZDoz!1G<84DL-GHzoWrKd(_wQ$u){0h~xoS
zV4!Al)lMl9yPw9rQICG9jIDBXoabH>nLLgJUv7H7Er8SLJ7(ZH!FW>ED5zbXB1P>T
zCFN3i%9E;jY)!APC>cEFuLh68gXPALDrb{8j^1Cmqr2rmPuu4kgOu>RCxDpfcKf=6
z00vu{CxR!lxY=zQ```8Tzc*-g@Fy@ZC|K6{slV4(=kH~#$~iW+>(=gu$VMyycCBMG
z$`as}I9?>whCtwysjQ?<A=3wuMmwuLYnbO|wx{368Ap|0%jc?c9}2|ln)S#&`K16h
zt+tpA!(%6mpcWqI7|Vodb3%`NRM?3O1Vd;{j(V`bobz)uhGwOG&r=k~w-V=zXX@P~
zO=&n?fRLq;uigS;Q|l8zvW``XBg_h)n10N1P%hV%Mn}jQFzp(HhF~H&GUIs5sXQCQ
zv=84Nni~d8^rT`Li}7v&H#K#Hk_yF-v}TZgS7^CiB)u)!Gj(gAMP2EnuPCboPo2|d
z+Do9EXf7pCmq4tSmM4Rc@e_GW2hWJgk5xvP|Grs_ciu``vsO{2rCnfYsZ}n2!z>2H
zSr7Hmx9J^PpNty0c4^g2jAD!4{V9is^c0DSvIt2ohL~&01(#FMRQER6IGQ!-s=Q7n
zkq;i?v{S@FpS!P>v3c$JR$&Fk#}2F*lM2h-d)$}Qx-7K4dp_JZ!&)$nB-I{_PcLS$
z^tgnJ9HN~!+2sZp6aM(|os}l7U;D0h`Pc1$dpI@r1r7H&z4gP7HVVa3tbjvZH>Q|d
z%}RM_Cj6eD#1#CYrUwr+moU65kL~~#fz+e)?d)$<Df4_{mtJe2zqWm2J<g6^k;pr2
z)f`dCyg<U4Xf1T|E}SGK5llcTuf%k8u|tj@|F%A<K<xzou?GsL`Y94f^eu`V#HV7M
zEFF}-JMyOK;L1}c{W18s`byoqE?jdUm@hf+n-q6NrD=NV{V%#QSVUNV(prm6`|gs;
zZ&~<9V{r9{XlX%L^?NZvBIt@;jWQX8U`j9uSL1HHeOf%kc0-rEs`v+V9{4#O=QVV!
z)ab{qP|D(tcom5Ljw1)pXH_WHjrvTm(nZXq@!bsPEF@5p!2*0t^lXkguzQFt{Bkg0
zSgGu(*xX9z*ZN{2nR;q5EgJo=GRi8$F-&YHE2QfIEtFj`?vnjujjU;%9%VXCX6i1B
zEfFHNHk;Ju*Y?Xrzjod$kF3Z!$ttF$P*VL?s5amE6~ZH9se^lLZf2dph91*@V+%#3
z9QWUq(vG^;X7+MMk6B&}C=N>P%^VTMGLBTRRF0EiC_I4(0GoQLu8M{PHjfTt$?23~
zpU#=fUr|-BlJB;Z^toGNkwmzggM2&t;e^&JZGs&i_8slQ6_5AKh(+_#QZnH|)~K3q
zE}p9S{FpR3X`_TLV-(rZXRTku_1yt^eC`p*TJc^kp}KSzQH_g_0=d*e=v{{IU6C(8
z$S>XbVH!qyv*Tg_vcL8D$bEQvvPmDb9Sj8FI!sb9x06eTU9rHJ#vKX;lVVeF5^c#4
zXfMsC&Az|t0CDxZ3*-%yfM&R|5t6Sgoh{>nbB6Zw5y1cQ6#nd0QU9<InZ!&`wd|$9
zhLFNl;t{ZeGo!j(Xt5b}(ONBiyy9(Ht16H|GvCd6H#e;Fl3Kdu9c?20!a&tq&fHCg
z8NqP#OOBDwLt$|q2k#9qJ8(%X0pSip0T^RM&^8jFJ8myhER!_|T$Bnr)Sr(K&UuM@
z?wuUF2MK}Ri=jl$Ba~1fysFW9m48BIV8rloiSmLFnb3JJcV?DFb!2RF18lD5UP3f|
z`cKD^<>tSIb^zPv#VoQu2;q(KaxFfxBv?13d`Q<z%2&kMDe$wkrJjD%;QOgtWPEiH
zG_rqg5crOr+JkyvzJ}wyu|mS4K;d-X9hr7`K4|jt>=^S!{7a2Fk`$uQ`ghqan7^=v
z`rqk<ocT91Co6YCA!l<dlYfU7|MvVFVVIa&nY)-exc?i*0O9|gw4s40e>ZZ7zmhia
ze~Q{_-Q*L$qqYL^{GU>7eNOL%=&(}H=0pT)h-{-VXJEYU;mVI;d;)iR;-*)7RR9<g
z(O&xx^cyn!$wDCNxqOE99JV&Bu6;T+Uo*fhgw$Id`;(M?Zv$Qd>)lw79k_89Dr;`U
z%0rB$qV%0}v9umL^(yUWV1$%v&7rV9KDR^12)=o9lo}qUghsx6EX|cckB{RjOMC`B
zfV-J1@ots&VH&uhcW-IQ;As;;_$emMW0Mr-`IxdXkrZI?XeGF0&NF#di~_bJ4X9N)
zbF@4O69;qy!geT;6DMc5HA9*;TohuEvL7b;zlkWwNhJ%Tj^45ogjoFotLcDPTJ@3v
zv=L*mMt+}e5@p0<HX7uhzqWT$sKehE;UV(edM~+W?y0t_^40Pji@g{&d>O&}aS{1S
z?quLM_^CViG2NV_RxT4!O4M@`Y%R>CoI_PxUHn)?WmbYY`%T9Z<+RUFufglv^fD%C
z_%Skt1dm1j9oRq~-?c2)_DPiVf%YxqEFpPYI`C~2K4gfoLX29Qkm_57Dn={6JrVnq
z@fukwsoR?$jd@z-1UIhvum@zN*N(~dJQ2gbC5j+t19rJf*!=;!UHVnvdFGy=^)emm
z?4=djB)RKltITicnF{g=+s|#eb6eL8@BS(xsIQOi^#n16{KPa@qhcNaCo7{#$~{~V
zIf{xYBr<FULLrsBrinc^P)H-zsQmwF&HqT({;>c;|GyT%|Ln?$RD=&gUo8{&6r3Eg
zcePOvwlp6%e-Rcr(`g~PN&6|-RtXwrt*gr}vqbKR52>somNYk4eX}$m(Im?P+#vc@
zj;Ef>^_bIyYaqC*7$+wcc+mH<FP`cjag|^VNDY}8yI2D|hzG!sz@<(1ZXPz_f?qx|
z5vlNx?nelV$y&988FVa*{VlFR$Oszm$`ePagWg21ko>&nsTUU{k;Yk!?ogKmBAkt0
zFD5RcGI|#|zyOsrDsYP>w0+<jD01(|SbHX|4-k54W}>+sWW2bjUc*W_S0fN(d`=Y-
zegb<;SMHl3fYby(nz(V+VKgCzDh<|PV1@N>@I7{spBs~Q8z1KE32Jf7x6nr&Vs#B)
z)8|`mf6{>)osK<QeWv-Z98s<e%1M_klY$BNaIzpCX2Jov%GCnFi)v)$Le=HQkm)5E
z!Ja(=^9kVX<cB6IZrMoP0sWLGLcSF4WYLE$g24^Ha6jukJlkGm>4+ejEY-85;utgB
zMM~d-G51~W-hkdWPjOtb6jw3h$s!?_H$fFl_79~nc&@(`o&Rad(C@CM6MHl@*{1+m
zD)Z`fBC(|%fZ!Q5gzi!4t8<lRUQ(s2IZfu*Rr<qcc0G3SS^Y3ZHZ>~7hNGm>EWwOX
zvO&}uafbYn;YC`n@O(2rYoNTjqc&>MT(D<@xA~aO);c@C?f(wYM!gh&Poekm8|VD#
zGuS#>o$)<5!-><vLG6)(N57Zl)q9U<1?xDDsibst&gez5s$qm?Rb;Kna4pmyD8;$u
zms($O-<YxHbWIZ%yLs>~`tkS6hodAC5p=dL>C_sMcOF=FPIOj&dE#40NMJDsBwO92
zex|PWn=%00J{-nkNOw1NAXnm)Z{b3J@dNzt%%eYI7jz<fL{k{HH$E_NKVnSsnx8ar
zpx5DTYCqRDQS?F!ULx{$!$9thw;HjMr>nVTi)Cg+%SY)QiS=#GRK5p0up%L60!-}0
z>0$gfjgU?Z)c59hD&ec?pb3l+VLW8o-@I2*1>a3+Pg2a6KVBGaf{SN_e$BAI?TuFk
z#&g=av7cH8=n|p2r;c33LR<}ctnCtfjM~&a9^9R}n5WO?z2z8$108RXug{hf)tpTI
z?5wOqd>RnPmvW+FVacnknAuu^a*YdgmjJV)e^NrDe&_J&Wv}kG&ZXRUvy~et8Ae`f
zU}H06%(UOf+7F)p(NbRh3Y&odcY5#b`@wq<lCIu#$gCu+LQL6@yFIL1z<EG0y6tFX
z^J+V>$q|@|f|vX*fOR+0NU55V@+i?Cpx4cE^L`4a(`s*%xHE|0|Dx-!<FctLs`hRG
zKkSdTFa72ExWpP$<^JIE`1}zYq0qd7P~STAj1{VY`yT@|9E1#j`FqYGfZ)J_f&A_p
z$^V#US%05qv!{qa#fF>PpFd(6<k$~vE5P4A5VIZKFRO;E{5R5>a%PC~Cl9?2>U_|9
z#QfWdI_ZM#*hEYd5_<Y}=?<+7qe>GwPsasazIC3hg%Pc(F7}==B)+hr?AylX_iF8z
zvd472UBP4bMK~<RZG^>uoAynV2Z#+fdr3|Hga)Pv5z@~v*RQD1LVL2oE30z_uZ0I1
zlWu?`z_gm6$gvViV&#dBBG|s8^PqD!vE+`KeqL9vlA;24I$L!~D)Xh47>GU_cU;h=
zV%DsX%phX&tmZ9L1i}w&-$+_Y|CWi;W;hEpjvR{uQ<1TLADYr1d9W;DlTDa92Y>*q
zG`^(N8&5<?vQ8od#pZ8s#0g&5h2HvVwC_W%ivY_#ss(y&r>lw4&VXyIVNHSq*a_u(
zUnB%bdZ}w#z)7<%7$_?tNW#FHFPc}17MYBoGM>V}E1*;y>}dM<x%&6d>e^$}$P?dm
zbI!5S;~i-JWSBT%Q)uzD&&cxaFOfr)H4=3%(b9C0ZjECl;eHViqrD^9`tj(bxBT2>
zJwc2lXhN1*as;-xWA6ok3Y)a)=F<tVKP@MJfq-Tzlj*!1Fzk*4PGnp)Xu`4(Yg`lD
zgvm<1>KMK99j+jH3LT%1FRE-Qx~Zc(V6hsvkSjF4LHSaoGi0<{$@ojrOAU|^Z?tf<
zg^e@H@F#eyH<R%F4&J9WpGR6IE+-wtT@2H7<y!#hxsFw2FJ@*V0>KPQR?uOmt$f1J
z+(Z+8q^h6F$n~=)hob3V`;WxI`8B>UA^tIzFdr98Zez)|Juj#9b(`Cmn4OCl)FmLT
z7w!)Z!&Sg*-xP7>N&EHGvGrM&lb%Hk`(-4|_4VK%De_2KX;VneOvhY<?=Re!>HGF_
z@3j_ReoA8mo|zsWXAbE=#09OTD!f{coAB{G(fHOnMdEU61?|u7yD@OocT{4T-mDDy
zMZ~^K?{Jl^Vnz~fPyXoo=Gy~al0UL?jdI-|YOY^Cqg4A~?s#tY7_|vU(#km|FT1fz
zOVUe)$%nvoIPMSLE+_mYcgWyHnK8mhOxvua)TXg-NGK_}^4S6qv26Clenh2qr~&}X
zDiECzYawX<=?*b^`!-25GDda+W0}iN@h~eUpCEg9KN%-75ViHA?Ai%IxRRC)zQk>B
z7hC4L_3H&fJ3^O62Sjf@B|%OyEh4TS8;yEv9%Okd_^-7s4pyJB5cH`>nYGtyBXYHe
zct00g?805GBsQxC`-#h74P9b$hOoU5x;N{yXdg{H`ffiMde#<`s}gL4d?D~3Tcp}v
zx>wc|Wl&5SN!!flXphAMV`K4t3zXgYE0mU+B;-Q!ObxP3c;yJ^R`LTkeZv`1jc(4M
z^%#IzY5Tgrg15w9>4t_-(#DwXKOGGJ{pEMucKGYC_+M%JuY=(~nKl^6AA|h^NkV-E
z_WNIvq_1#*-&HhAF5xD^2Rn#3Q>R9#q20!_i^S^?y7u+a#X8}ZhZFf!mr}1`#$y2k
zsX7Tppv4ts7MxUdHf<mx+k+o<R()B@(&4@ZB#mJUZ+FzEBrH)Kv|#joW(P^?9c!_6
zam{<4Gsd(Xe~-b~OJe&MWgJw%v4pTyOGoqB4TtOGVtu93Jm0*pGEn^l-u(j7x|R+N
zY*J>-Lco`W`wW7*+fj+@<AWYYy2rekZ>>^&#8j-@RWwPzrnOC{f)~?CN!8+qezl*(
z$Ap&6G(|6@(a`K~K(ucN=E?tzo0`3v&P+9hgD*9rHY1-Inuiz+1ZlsK=}eqJ72lDj
z$%rZxsO5qWa5v?ULIk+#Xb!2NpD4#r>Aa6D+eQTo=b9ABARf}vdyi2nNavhI8E@f0
zDJprU^9SZgor1B<%i8{!KCxHgug+ny*G5jD0Fyfj!oAi?T4o#Sj)TCw!8*RS8W(>L
z7Ms-DU(pYpbhsVj2Efr)pk<e*^N-us!i_?J-Nm<v%cHxj;X+1<X<&T0mB&S;P4LGP
zWb%9RtFv2JV0uM>gT%6z^;ILDWWW4wnja0Pj^H*5+FfZgclE>8Gc7FC_1Xmo-{7T^
zYg(Y^LFIPYdM<O2F-{5W9_~@DRrPuaH8Da5a-l?hNOYi<8q0drAcZQ#F4}ZO@@4(9
zjKs=a7rHzw=i_fkQoY5#=FjB%CzAXw3h@S&Y1?VcTI*nPsmo2l8M4k2RrU1~^OZ@W
zCeRdJ7?AatS*K>nTH@W6)&5<H$paMrc`q;?O+qXCn|+4d=r}5h9-G6-`)qeTOD<Jd
zx1~k^e->Q`+4KNd!}cYohZrhVJp+`RD~xw>vq#ohOrs$zrKOfGc0N9KHFnvsJf0Yk
zt*smOQ4y%hLLz1+WB_Pk>chG-T(7BX=KPHOm%G+;_{CA{om5-<A%8T_z#eAAJK+3N
z#?u?J`}PQhIN`KwaL$d6qSM2XY5&pgHr=<caSxGTi>u8anqrMEv+!k$hN{~yN>gRl
zbjNA367qw%99_~@OKCMwXOgWJLW*MlB9HUR--!~I55zmJvn?Qm$6rUaU>gr<N_9>q
ztgTBBf6eIQeUkPg?{!W|+q1}F)mydK^jWA~rkSOrV8_q0IZF8yQ%~pi8D)uSURh%R
z&F?r{%np5^$_^Dg)1=OU>|Q1Cj*;XQRWKZAQ=v&8HI$|%Gx~{4p;1V9SE_io8A0QA
zj%q9zM*Z0TyPC;ei?(U+5PGonAo0$L<KT5Sto#qi?dyWgAKK#-NpmzyFW)>wlliF;
zbwLIahD3K|e$nv_D4deedJT@z!Q=62AR7jeL0s2E_?bH*WVm``Wj2ep%fC@Zy{C#F
z6<`8M&U-v*GW7PDze{87>6V+n!;HJ0$nm11mLa<T4Y;YdxaIwkM^E&NPl_K|CA$^G
zJEF!I(gu-p3x)@#^b7~-$_E8JSgIUp#*TMB+;o;clwmQ`H|=T>sbK<D;A=E{xg#lu
zC~&B-PGCJ^0jJ23RLinxhLs^xN5tmWi3J0}6<yhaJ1KC>ifh7TzI;MokLP~UZ*A~a
zbH`%a0@t7^qK`zj;L~k05#a;mD6c%{@W%dA9NUVSc?3YRV@!-6&#ZLFKy(n&6;UMe
z>DfIkD_L!%Z9!b_c&BFOa1~xctZ<(_eOvT8K+mQtO?_!!;Y{C(YtD;i3Dslwnbe`D
z7L-r}9YCY7qnf0Bh7l~Tg|zjt@$||NF?iEg6t-}vELwDO$v&#KOqjsNYi+tTfd9ok
z9=m_!X<xi9OgIU4u;zgH6nYWQ45Yyd1oITkNLwa=E=3T)ID7q=CvFMDnU#dk1b#|~
zGxh#x8df~Cx$t)P{JO>0vI9q^&9$ODGr7%!d@u{tm%=6!m#nX`tEg8sf~xNZ{j=c-
zFsUr;^H9E%>a~k+3`Q;^yap<nb36qPuhtUHpXZ`4E)5hw%YL=@o*h*)9r;<j)U{pp
z7);wxSjaiIhi=B(6bxoia!G@)A=`J_rJj4`4J#Izu>-z6##4YLH5rEFo^2;5xIw(x
zfoap&9E+lazFj_-#Wlw+IAb`JywiuiVm2r93knj%g2OGdT5~H|i*wRV@tw3nr;3P>
z37Nlw+WTUL@F>=^?qB7({3B0*sA8JR8+P;zBE+YwkDbx4en0b~uqXx2ugxaW@iZ#3
z854c2LBvTsnmiTYS*nB`*Rj9Qi{(RUg;A`|bwmIzSE_&w)lR`n5$yA;#f9@8ms=d&
zNioqMW%aMvX(5=vas^FlFiAU=fe%d4ezL~c%tyF4I#JCTu0*u3oV*N^Aimres5d!9
zm`$`nGRCNGkQ)M>PzJWr$=SJGPU6Q8u6^FfuRz2X+2H$@Oq%*%W+qGGGqD8jQRkA(
zyW4K24mg-=^NnQC_XT#`7a|2zQlU*1fyB<MnTk@0)f^PjPUCFtmlzo5Lxi=>l100N
zTdd82Qr-Er=&?#LjwO`aYVkqLP0F9E`S7m(MIKLxKl1RjTK*Cxv3}EPg#=1!3Rtrk
zcy%1xCM-xFSEls&2nErK%J~6>y!WX<&uuN-<(0>txgdm#?F5Lg9F$fT;Pdazo=&v6
z-RkJF@_H$dRYpPymN<sRaA8)yNiLYD^708|HPjh`z?CTq+JOZ<jVqkRaVObiKxIl#
zOq$s_bKm6HOF9@+$v911EycL-;7|IX0!gK}ckMyOrPW&3h*RzQ{%Wi%1p(UV7AC`w
zm!gRML@bJv9Its{Sv3zBuAHEfyDn=vSm9Ry<`Bg}P*;KJ*RL*z88~CC+CbpLoWsb2
zBDMgjx;Ap#;Iu**4vf<|FA-!5M<{TS`d&ddq?3rhv(rP<jgHfm%hLU~pMlg{Jgff5
zGv?^;X!RuiEYyVXDe)z?*E@bI(Is>a)~Gl1fu@YyP>pdC4qp+2qb$4%?kbEI<0sjm
zrAf3%LBzTA(N9RYN4D|a`aa?Zql_~z8suG!??YKNm#<@3gN75@;)deCDB{I9r%LSK
zWJPCbAwk5rgH}8rmD)YquVdkPOHh-t04#HXxIuGz?KNRy>kd!p*S`*#A8dp~VEalR
z{e<1CbPoyRek>slBFox{!n%*LsYx`SdV|qG3Zp}f8wJN%uMG8Djp*YEtS7s27~HBo
z>C!&Kn8(B@=PUJo?7#S2cOeVg2XuH8exj{S&3Y@#gcDEEZKU8VVtM}j+!EqwSBy&f
z3|dEoG)@hFBf})|R2$o|HfV=jOCsSlREw;J+}bB5nBSt#wQt4OZFm0h^<C>&h6IMv
zb9+}@ltS0cu~H(VoI)ezK(!ipSFMX4C%zuko3|_^35{^Ecfn`nL~259;Q^74DBn?H
zEOcU-&4}>e?et(7hSqdCr4c>>9@o<wbCR7dmGdQM)^tl6WJ;qa6qQ=vmBk^B${+R7
zl7W=FUU@s0K<5f%6qZhpOSq?$gMCAvXa%LJ!y>>%dt-8XI@Nh;diIP;$WBakcq^Dv
zrHKx9EZ-QBRmpX!*N#LfC;QsvJ#^@F7p6H?l=+N;YKx2bj?T8Ly$0Tc%wja`li?+-
zPqudzbNVlP{NvX8+a4`{>;a<N^DX6^o=znQ;e#x9^dJ*Ae6&r<Ws#Bz-@9L}U#Cce
zyvXwx+PrO=p01coLmi7Up*zt55t*>&DQlp0VH5vBZg{TYuW;0@&<S(#cFCKv#DM;l
z9{Ich399cm<bs6hMo1(l%On9ORT2xWni^K8i}$!2nesUZ{q00jfoKZd^`&_#Kim`@
zVSE$zF}ECGKYI{He2(5=%we_jMFXAUNF!KD__4O>w_bO><NEXB<qo_nBJS`m+<uB)
zg4b|N+`~BKFn8L{k7Zbr@Hqtet#7^2>}GmTn@JtPB`;2r%%;nlU{h6Zd;OHIXh1Mv
z$&y~gL9zoE1VOLuCv|Jij$btA`o72bdZg&R`BJCLLCi6z2y|%PRcKL}_I>l~oWDm1
zE3*n+MMRj~l95k^p=Sx!tqWZ$aR5^KZaFEl7sZlc26EF-XVpv~A^nMk3=(^NM|P5I
zaR|<le89`IxR2aL8%+ELfxCc4jPnc5gGxo#x=gV~w+nGwpw3sYRwXFub&0BG#M+>y
z6E3JMscsS6lo47t30oB=;)?QvgIlaRpoZIoC$FJ<d^ClfyI4X$0w!9k_Uso}X=Uc+
zk~)48N<ycATuuBTApJdo>&K*e2IrE}jtSsPP)X$N*-pz2KPWf!G3fRxHTm2P-U67W
zM5FAcz6pDPUqB5Bgy{8_oCkGdJCf2Ll=ojN`K`?idho10SQRZPmYX^+P9+EGrr#->
zR7q9MkL5Nro|yCXCXo>TL9wrr%k5HSU1i8xmJi0h7~IjbTXtPy)#+OXBi!&%WgW10
zhi%041JtBjn_r`dO>81q7F%spU7Jy{2sv&Xf#M+yly5RFFEma92A7E24`~NGYn9uC
z-ZMO)GRu!TCCfx3_Ubu%nYunG@)7}=Kkd$s;UbF#4xxK0?9O3AQ*PkC6kI-_zdB8E
z2_L{bd3asv@@{tlzoncOZmOtIEm>%qj@|=xzD{anh55O$)jsla3?yT%k&;F5mMlsQ
z;EV<r3l=yneYr#tt_?3cv$(<~v1wIx4?B$Gg&E`Z{hAEEYeYA+Mk98&K{KSyFZmt$
zq7gyIzPNbvF=<7z1jZBR5%Ghljj<v<0(J8Mg%t=WB9lY~6DxVfuT#djUa32n5u_xv
zKlRh;B9cfdO)1OCN`F`r&0DF=tH4;n1{YyIJM~jAcbH$m1}=<r2FC5IMNbw2h=yTI
zb$e)(bYHpqsn}d*b9dbB&?>6$p#<-qJz<*F@EvhRa`l-ykK%~((&{U@*&9gW_NEG|
za0*!I6^R5!pm(Kq0s}DAAlx_Uq!n}!xCg(Xt((vsFflKMnr*?BF<KscS!+05oUjt9
z@l?h=*+ft<MU4;nX)B$x2X*BTL({*ZJP;s+e=gFnU{HS+=|6qrpZl`)S45yrY_A~b
z`-(-D$b6>BG~SwDcpnuCyQfuwO_-F0Jw&bc;T03?_G6D2$d*9|K#*2K2}D#I+=aF=
zTk^fNh2oDYUE?giVqh|_AMs@+Pq>t;nI5i=_}O;tX-zYD`0%9~x6sKbzXa{ZCWiSY
z%1sgaxuqItIQ_8L_;z(#?!N=-V1t8oXI{UjWal-@sjC&;^sL1tn3H!pH{*z2%qz^N
z_VJSrIF||rntAD!6!cJ_Dex%-n|8W#hSone-8dxUw!y$C9@Z)}`x)7z*&{)41EYL}
zP+e+$zF>s%WmnYko{5kM7_w17Iyta?%`;@WvzWooxm5rFeU?(H+I^|}=wqSFHH8KN
z7m#6%eQTsKqCBJlI;qN=sX%?uNbOAEW@cc)f~+YF8L|vcHHkzJ!3AZRsg;^35D_!F
zl<~(6A0w50TPHJJ4ftRIfA)SPnQVZXTT+2QXdE9QTB(fLoJ^vQ4A11m<VZSM-Q+2C
zd2iwzd9s*_F4Xey7*>0l=9*^H<DR@l!74_aXM6hiRF(FjwTeThif5KcnKUak7|K)K
z`_-$MA*<*7DINSs8H!8S2OA3GFB<BCa1T+vC!T`n%RHu3u#-z^y)-%?3PR?4vGBZX
tTXm5(<a=f)#O8<kxC%R4{myz^L2Pmr{S=k4fe(5%!8L-4yoLPj{{WVdsZ;;}

literal 0
HcmV?d00001

diff --git a/bootstrapvz/plugins/puppet/manifest-schema.yml b/bootstrapvz/plugins/puppet/manifest-schema.yml
index 3e4ff76..26f88fd 100644
--- a/bootstrapvz/plugins/puppet/manifest-schema.yml
+++ b/bootstrapvz/plugins/puppet/manifest-schema.yml
@@ -12,6 +12,19 @@ properties:
           assets: {$ref: '#/definitions/absolute_path'}
           enable_agent: {type: boolean}
           manifest: {$ref: '#/definitions/absolute_path'}
+          install_modules:
+            type: array
+            minItems: 1              
+            items:
+              type: array
+              items:
+                name: 
+                  anyOf: 
+                  - pattern: ^[^/]+(/[^/]+)?$ 
+                version: 
+                  type: number
+              required: [name]               
+              minItems: 1
         minProperties: 1
         additionalProperties: false
 definitions:
diff --git a/bootstrapvz/plugins/puppet/tasks.py b/bootstrapvz/plugins/puppet/tasks.py
index cd12973..96144d6 100644
--- a/bootstrapvz/plugins/puppet/tasks.py
+++ b/bootstrapvz/plugins/puppet/tasks.py
@@ -1,12 +1,32 @@
+import os
 from bootstrapvz.base import Task
 from bootstrapvz.common import phases
-from bootstrapvz.common.tools import sed_i
-import os
+from bootstrapvz.common.exceptions import TaskError
+from bootstrapvz.common.releases import jessie, wheezy
+from bootstrapvz.common.tools import sed_i, log_check_call, rel_path
+from __builtin__ import str
+
+
+ASSETS_DIR_JESSIE = rel_path(__file__, 'assets/gpg-keyrings-PC1/jessie')
+ASSETS_DIR_WHEEZY = rel_path(__file__, 'assets/gpg-keyrings-PC1/wheezy')
+
+
+class CheckRequestedDebianRelease(Task):
+    description = 'Checking whether there is a release available for {info.manifest.release}'
+    phase = phases.validation
+
+    @classmethod
+    def run(cls, info):
+        from bootstrapvz.common.exceptions import TaskError
+        if not info.manifest.release == (jessie or wheezy):
+            msg = 'Debian {info.manifest.release} is not (yet) available in the Puppetlabs.com APT repository.'
+            raise TaskError(msg)
 
 
 class CheckAssetsPath(Task):
     description = 'Checking whether the assets path exist'
     phase = phases.validation
+    predecessors = [CheckRequestedDebianRelease]
 
     @classmethod
     def run(cls, info):
@@ -21,12 +41,12 @@ class CheckAssetsPath(Task):
 
 
 class CheckManifestPath(Task):
-    description = 'Checking whether the manifest path exist'
+    description = 'Checking whether the manifest file path exist inside the assets'
     phase = phases.validation
+    predecessors = [CheckAssetsPath]
 
     @classmethod
     def run(cls, info):
-        from bootstrapvz.common.exceptions import TaskError
         manifest = info.manifest.plugins['puppet']['manifest']
         if not os.path.exists(manifest):
             msg = 'The manifest file {manifest} does not exist.'.format(manifest=manifest)
@@ -36,28 +56,77 @@ class CheckManifestPath(Task):
             raise TaskError(msg)
 
 
-class AddPackages(Task):
-    description = 'Add puppet package'
+class InstallPuppetlabsPC1ReleaseKey(Task):
+    description = 'Install puppetlabs PC1 Release key into the keyring'
+    phase = phases.package_installation
+
+    @classmethod
+    def run(cls, info):
+        from shutil import copy
+        if (info.manifest.release == jessie):
+            key_path = os.path.join(ASSETS_DIR_JESSIE, 'puppetlabs-pc1-keyring.gpg')
+        if (info.manifest.release == wheezy):
+            key_path = os.path.join(ASSETS_DIR_WHEEZY, 'puppetlabs-pc1-keyring.gpg')
+        destination = os.path.join(info.root, 'etc/apt/trusted.gpg.d/puppetlabs-pc1-keyring.gpg')
+        copy(key_path, destination)
+
+
+class AddPuppetlabsPC1SourcesList(Task):
+    description = 'Adding Puppetlabs APT repo to the list of sources.'
     phase = phases.preparation
 
     @classmethod
     def run(cls, info):
-        info.packages.add('puppet')
+        if (info.manifest.release == jessie):
+            info.source_lists.add('puppetlabs', 'deb http://apt.puppetlabs.com jessie PC1')
+        if (info.manifest.release == wheezy):
+            info.source_lists.add('puppetlabs', 'deb http://apt.puppetlabs.com wheezy PC1')
 
 
-class CopyPuppetAssets(Task):
-    description = 'Copying puppet assets'
+class InstallPuppetAgent(Task):
+    description = 'Install puppet-agent from https://apt.puppetlabs.com for {system.release}'
     phase = phases.system_modification
 
+    @classmethod
+    def run(cls, info):
+        log_check_call(['chroot', info.root, 'apt-get', 'install', '--assume-yes', 'puppet-agent'])
+
+
+class InstallModules(Task):
+    description = 'Installing Puppet modules'
+    phase = phases.system_modification
+    predecessors = [InstallPuppetAgent]
+
+    @classmethod
+    def run(cls, info):
+        for module in info.manifest.plugins['puppet']['install_modules']:
+            command = ['chroot', info.root, '/opt/puppetlabs/bin/puppet', 'module', 'install', '--force']
+            if (len(module) == 1):
+                [module_name] = module
+                command.append(str(module_name))
+            if (len(module) == 2):
+                [module_name, module_version] = module
+                command.append(str(module_name))
+                command.append('--version')
+                command.append(str(module_version))
+            log_check_call(command)
+
+
+class CopyPuppetAssets(Task):
+    description = 'Copying declared custom puppet assets.'
+    phase = phases.system_modification
+    predecessors = [InstallModules]
+
     @classmethod
     def run(cls, info):
         from bootstrapvz.common.tools import copy_tree
-        copy_tree(info.manifest.plugins['puppet']['assets'], os.path.join(info.root, 'etc/puppet'))
+        copy_tree(info.manifest.plugins['puppet']['assets'], os.path.join(info.root, 'etc/puppetlabs/'))
 
 
 class ApplyPuppetManifest(Task):
-    description = 'Applying puppet manifest'
-    phase = phases.user_modification
+    description = 'Applying puppet manifest.'
+    phase = phases.system_modification
+    predecessors = [CopyPuppetAssets]
 
     @classmethod
     def run(cls, info):
@@ -65,19 +134,14 @@ class ApplyPuppetManifest(Task):
             hostname = handle.read().strip()
         with open(os.path.join(info.root, 'etc/hosts'), 'a') as handle:
             handle.write('127.0.0.1\t{hostname}\n'.format(hostname=hostname))
-
         from shutil import copy
         pp_manifest = info.manifest.plugins['puppet']['manifest']
         manifest_rel_dst = os.path.join('tmp', os.path.basename(pp_manifest))
         manifest_dst = os.path.join(info.root, manifest_rel_dst)
         copy(pp_manifest, manifest_dst)
-
         manifest_path = os.path.join('/', manifest_rel_dst)
-        from bootstrapvz.common.tools import log_check_call
-        log_check_call(['chroot', info.root,
-                        'puppet', 'apply', manifest_path])
+        log_check_call(['chroot', info.root, 'puppet', 'apply', '--verbose', '--debug', manifest_path])
         os.remove(manifest_dst)
-
         hosts_path = os.path.join(info.root, 'etc/hosts')
         sed_i(hosts_path, '127.0.0.1\s*{hostname}\n?'.format(hostname=hostname), '')
 
diff --git a/manifests/examples/kvm/jessie-puppet.yaml b/manifests/examples/kvm/jessie-puppet.yaml
new file mode 100644
index 0000000..1757570
--- /dev/null
+++ b/manifests/examples/kvm/jessie-puppet.yaml
@@ -0,0 +1,45 @@
+---
+name: debian-{system.release}-{system.architecture}-{%Y}{%m}{%d}
+provider:
+  name: kvm
+  virtio_modules:
+  - virtio_pci
+  - virtio_blk
+bootstrapper:
+  workspace: /target
+system:
+  release: jessie
+  architecture: amd64
+  bootloader: grub
+  charmap: UTF-8
+  locale: en_US
+  timezone: UTC
+volume:
+  backing: raw
+  partitions:
+    type: msdos
+    root:
+      filesystem: ext4
+      size: 10GiB
+packages: 
+  install_standard: true
+  mirror: http://httpredir.debian.org/debian
+  install:
+    # required to be pre-installed for proper puppet functioning of 
+    #  puppetlabs-apt, it is also the primary puppet module
+    - lsb-release
+plugins:
+  # It is advisable to avoid running things as root, use a sudo account instead
+  admin_user:
+    username: administrator 
+    password: something
+  # puppet plugin
+  puppet:
+    # The assets path MUST be ABSOLUTE on your project. 
+    assets: /your/absolute/path/to/etc/puppetlabs
+    install_modules:
+      - [puppetlabs-accounts]
+      - [puppetlabs-apt]
+      - [puppetlabs-concat, 3.0.0]
+      - [puppetlabs-stdlib]
+      - [puppetlabs-apache, 1.11.0]
\ No newline at end of file