From 92355147f5024da2c5ffe2c27547790d4aa07868 Mon Sep 17 00:00:00 2001 
From: David Moreau-Simard Date: Mon, 29 May 2017 21:50:02 -0400 Subject: [PATCH] First commit This is the first commit that contains a first iteration: - Documentation - Playbooks to prepare host and deploy openshift standalone registry - Working code review gate (ansible-lint, docs, integration) Change-Id: I1af928c243358d0fb37a9dfcb516a402c070a589 --- .gitignore | 7 + README.rst | 33 ++ doc/source/_static/openshift_rdo.png | Bin 0 -> 14646 bytes doc/source/about.rst | 18 + doc/source/conf.py | 83 +++ doc/source/index.rst | 15 + doc/source/installing.rst | 12 + doc/source/managing.rst | 29 ++ doc/source/troubleshooting.rst | 30 ++ doc/source/using.rst | 635 +++++++++++++++++++++++ group_vars/OSEv3.yml | 54 ++ host-preparation.yml | 22 + hosts | 12 + letsencrypt.sh | 48 ++ requirements.txt | 2 + roles/host-preparation/README.rst | 16 + roles/host-preparation/defaults/main.yml | 40 ++ roles/host-preparation/handlers/main.yml | 20 + roles/host-preparation/tasks/main.yml | 120 +++++ run_tests.sh | 37 ++ setup.cfg | 44 ++ setup.py | 19 + test-requirements.txt | 3 + tox.ini | 42 ++ 24 files changed, 1341 insertions(+) create mode 100644 .gitignore create mode 100644 README.rst create mode 100644 doc/source/_static/openshift_rdo.png create mode 100644 doc/source/about.rst create mode 100644 doc/source/conf.py create mode 100644 doc/source/index.rst create mode 100644 doc/source/installing.rst create mode 100644 doc/source/managing.rst create mode 100644 doc/source/troubleshooting.rst create mode 100644 doc/source/using.rst create mode 100644 group_vars/OSEv3.yml create mode 100644 host-preparation.yml create mode 100644 hosts create mode 100644 letsencrypt.sh create mode 100644 requirements.txt create mode 100644 roles/host-preparation/README.rst create mode 100644 roles/host-preparation/defaults/main.yml create mode 100644 roles/host-preparation/handlers/main.yml create mode 100644 roles/host-preparation/tasks/main.yml create mode 100755 run_tests.sh create mode 100644 
setup.cfg create mode 100644 setup.py create mode 100644 test-requirements.txt create mode 100644 tox.ini
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..020d06f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+*.pyc
+*.egg
+*.eggs
+*.egg-info
+.tox/
+doc/build
+openshift-ansible/
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..2be86bb
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,33 @@
+rdo-container-registry
+======================
+RDO community standalone OpenShift Registry configuration, deployment and
+documentation_.
+
+.. _documentation: https://rdo-container-registry.readthedocs.io/en/latest/
+
+Note: this is a work in progress
+================================
+
+The following patches were submitted and merged upstream in order to make this work:
+
+- Don't set-up origin repositories if they've already been configured:
+ https://github.com/openshift/openshift-ansible/commit/0414e424c90000a9aa393a1d47404b726a2443d3
+
+- Add teams attribute to github identity provider:
+ https://github.com/openshift/openshift-ansible/commit/1a43e7da5f69d5015ed5dafca50f80f2c8ec528d
+
+- Allow a hostname to resolve to 127.0.0.1 during validation:
+ https://github.com/openshift/openshift-ansible/commit/9260dcd084f19ec5a641c2673525163d5ab76816
+
+Work is still in progress to merge the some patches. While these are pending,
+they are rebased and cherry-picked together a forked branch at
+https://github.com/dmsimard/openshift-ansible/tree/rdo
+
+- Support enabling the centos-openshift-origin-testing repository:
+ https://github.com/openshift/openshift-ansible/pull/4307
+
+- Refactor registry-console setup and add support for SSL:
+ https://github.com/openshift/openshift-ansible/pull/4256
+
+- Refactor openshift_hosted's docker-registry route setup:
+ https://github.com/openshift/openshift-ansible/pull/4254
diff --git a/doc/source/_static/openshift_rdo.png b/doc/source/_static/openshift_rdo.png new file mode 100644 index 0000000000000000000000000000000000000000..bdcfa2948c0cb21cdd3689f01409c89b48036d7c GIT binary patch literal 14646 zcmZ8|2QZx97xu0iz4zXuMK943v3f~}mfaB1vRJ((qJ>})JtR7dsEe>xi{K|DdX{Lb z1rb43iQd20f99KS=9_nRjQ73w+#yA9`1wO{_oW`%p}Nu8x9-;AnrmE)%RlNMM{jEJ~{l zETB~J^w!}mc#c7&d?7(>v3d! z5sjazBXHx_<5W~z)H=Xoi+67RgQ`Eg`di%q(z)j{}H)^1;e#l`3;W0^r%ogp2#hn~cWu7o!(Qbk!kITF2WI`8Y z;M^gNcc|LCi&$>5%4H-V*2qYYc!=t`?kZd*0a_p@V}fYM0rg?qVJf~* z0?BvUqMn>y%?j4bb*a;KB9(bvuRf~tQDBrYX87ACzzCzqH*a}WWPRK^Jn{GX^&2)4 z=|A_{U)R?WPz~zlYz*0yK{XkS{+wb>9pKne0Nn>UpRAEGNHd_Bfc_{xhs@q^@J{RA z67+5=vpe?(NeMZoUUcTlN3jdsuK9ma-ot}%hBzVS_a%{4jf&`^dVc(7Q*$LY}Ss^ zTe!b$;o`iJ(t);%_}x7k2<9}oM|QaMQVhC7ugz9It@lqIjXdJN(pc?#$%iN*P11>= zM@s^IsXj8nk5FK#Mi|cw-7#EU0`=_MPN3kEOyne=ch*xuXaocLAR#0*SGqsx+9&ao3^RFVX)t_kk<1ioJ5lFG4k!nSdmI|b(MKi zkjm4#!&?mK<1<<&+=fcV7J1^JMU%8eN9juu*}##RY)8%ZZv>^ge?YVz#-$%< z`_cs8omNZ03m)*BNmM zo!fW8nYR?gaZ-llO5o?YM_;|W2h@NM?b~-tz0|UIAtR;3pyWsvR)G?cb(ALPlF3%X z=HNI(j@D{En7{86t-`u-o@=EowV{5@ZIS@+G1*q1U$hzK6+eu}bxiNF>X3{>x?kw+ znNv$fxB;a7V8f%4MJ@x7jPFVxsDxAZ8@rSFQ2+gbB3Rx^>dgTR&A)X17uP! zVJDoRMbZ=o4wy zr0#*MVfef5#RX_QoM*9F=3INi1W$x@H=ZFY<*$t4+Oijf>K_r@u4`~Q%#e919vXlx zg>0v5Qjn8}VK4CrtKm|aXcz7Wp;^q%N|7<63xcSoz{LVZSf;{yHHdaxRVYn)U)~l= zgoIz{W2=ydH1!Z~#(0dCox>(u5(IO}53^EW1f7Fw-c!dzBxItwyxt=x&z!3r_1sAk zN4Ls9LIka>)NMc9V`3m+&kkPCROO^`cBi+fyHTeZV4D)Tyr>w^M?=;uxXT-F@w$Q& zf|6{(Yz%0XA?t}ZKR{VJExCQv@s^D_^^Z<&eS>ULG+OCm^t%%VQVmK^ohSM{DP?i) zp4h5J+M9aDf~{N@vLBU<1q>k7O*2*R(>PmjTg4x>1zT&a>+k(C1q(x^hpkuN?2|=? 
zDT*2h7sq;dhTdSrxw~PjTuW`h``>N((_UB8NDYKWHMAr#9P$^2Ed!+M* zkar13=7~Z)rcyPXuqe*1tpjO&e)id2Yvfz7%vI0EZujGu-lD-#8gI za-7UsKGkf6zD~4$AjIZmHu2jf12~bb4%8wO56^s$-r%TY%GG|6&b|uP_*F=nn{UbH z_@Y}Z4uLE3T*=t8H|u0xVJn$;;Gmo$*-w$R_1)vudKHx$lH6$*FN#m<7hGRB8ke|SJw zU{;%^@jLjF(jyC+j0FKu%8PHt%s3-C7!R`S-JKg21n952pcD;8%G9Q|$5N7J^JGOS zx!%Y&GgJ3vZV+tfrxl2Q@|WAm+pX0dQ#s^XgphO=^DcXf8rv%XU0kKVX$GU}H=~lB;ivZ$VLAR1 z_%04Zo4&3#CfEP_GSgOGaL7$ zUUvBr3^IqeZ`tMy+EIu?ATYa8a4GnlM|~=ZzyBe#V-R`l2G6H9dSiCW8=+#-KI!@C zvK8_0{7tPw5cE2&}`PHY< z<%|)c4Ct33-4sVzbfR>1?lR=JMO>?eK5~|B z18y&r^E&R4tOSBo=!fSF7a@ltO66cWo|iK_+$QMzRzl^;N0Az>ugN2~hvPd3DpAEK?_#Z^Bn%-LOZzmMK{83UKDqWN#rSOo1;5+-r7#)#XP zA4zn`zWKGjX?b3Pj$y7&_V(25$Q1Z|x@TwaQ$?8bo633{BC6=h)uKvpyU_9%so zwR)Y?-h=O2NwdK;nJYiWh9{}MFj`hg?|cVeV_Po*Vtz_-`c}2_Fg`Git0uFx7+RZw zMrJEkSbA`v|MtpWqkgd?yPr$1gNwuU%USNV(p_LxY(%ah1~Ir4uT;;nNP0~UOyjY~ zZPeDqCcU(cY}0RgT$REXYSYjafT$NuD%vjqC?3M(xqd)9jhzfjclafzG9Blm!e^~E zvmu`mM4sxt{m%>n5T9ywT$X(&sWExt4fl3ZE#-jt9wQMLPGNlztbpf^;1L2y$^j*g z^@&aE60iTq`GienjlG>cx=oFYAkZ`qe~BF!1~1yMgJA51@XKf6MA(U@0>USIK#Ty4 zL%}UIS>y?EHHXCB1QK9QkA8&Rf5js?{%2=R^FLRuzd56)+O|{KiqsLTZ55@t4rh(m zG^oP}(>t~1!1CW;?i_gU)3xK-{3mBIP7Rq#89_p-<+8TbRo8URUJSpyc?1fPcuf?X z&~w`K+f0u__58!?yBfV(AA{|1n5lH_G>nVxLcg|Qu@;ExoM+{@r`}qs|5uqLF{SLSD^uFY*hO zICGOs4u#Jmvmp@IcB>c!>kQ6(PCbJ6#Dwe!Fqe$tojIN&d-arqVDd2X->F7RGQeAR=hs8lk-KI|$;r~_OdRQ;y5Vr02xLfH+K`+75=v(9#Rnbfq=k|m% zYZ{CBc&rd-@7daj8;eAR{u4U7mBhU@6;|sGRtd_?OH%H~hE3Ijio3XJb}ddW z|BKAz0y>2pTlx4WX7`1HmZDOpT+?1)4w8G0M)G^an3z7xK|!iH20t_6DF9vixP)PT zH0A}R(1Sk5WAE{C)vbHvsI^8rhMunYSKxEM5Kca7npVfQrZ;SlUSNPJ4wsXAbwp0C z$tGWarg0^g{RNQuC$SeJg7=%EXF&5Nh-4hY5jC~od!ug8cnpPi2G`v_1#jh56KaTY zdep>xv@}aAA3r9Ul7(A0yDhIdIsNJM(QY>^8{4B~z-{Qa+R>6zX^K4y@%Ewb%q!?q zFAU$HLJ^cr7h|aZZp;IHdYnP=0sp_kM>+er>GvhCbVjSOL6<(y**o9Auh(o{H^7LE zp5Ylpv1>72bVwj)6mX6n&}2`rV^17G~sqZ zTR{H=w)!AR?3XBx(L8?Q{%F3=J2%D|qaWltI?v-|EUMn%(s7gbTMn>KJLJw&b0NkM zk!L%z*@lK&>pGteDih%1da%wpTg7UXSU$fDczngL*Gzv?S^Mq6G?Zh5KKtIC9I2;^ 
zi~R<-Q=Yq|Vk>1Lur>tFE*Ux=EVTMtJ+nw}Phcloes`;QMz-`X^~+#~$bWFsKXAdN z=jGY3N8-stS&lIw6~G!#gE)T8ek=SNy{uEfBG@*mT|-7BH1qH(h6=mDJ~z@B@Z8K^mW8bw3z*T(K6%UXSU)j?Zi zT0;Ka+LEhrLJ`NEggTg(L#q#OC-Z&n31~x{VcBC>Hl7OJ_|$UO=!>i}5;dsEu>N=d zm&5S0#^d?jm2WQcwVmd9Z2|HBk*5b7EbE@ncHNy1e|F?Ph{%uS{CobhkO=;-i`Y%c z6!X;)p4jVLovobyzF=Ps_WdfZLge0d8OZsOCR() zKG)>^3Y=m*oS0p+)AN0|$9%j&==`e}A<#36_?XAEgX@Y}<8I6nd4x$gI~?d%jwq*6 zp~l*n+xg+KZ*lmu1G=eill^oH#6RPB3mKm9a(@9AuoPKD{N4UaupD>@+5GZ6MVK); zF?2BRZ+O@rdh3Rnw%L=5?(QThruiWyb+v>tOUlGb=6|$wus4vBT<_T3maN||SI=KO zUTRl}p(mI*OX8R4K&pSEZBnhrzvNcF9ivtB-4*O3BMZ$>`p%HFe9^5fZF-c*N#@?V zxD6ad=%9G%5l5nPi?S@xA1&>j~T=94WSLF zS$Uc{U@qRdc^P8rR&R&sQe{(L(kCw6FTXET=MyE#Qz3So5F||i&h=#^*_Y4q3ej8_ z7cDF)P9Kv=g=T-{8F{|n8W?)>Z}I9|d7;;rL0zk0s(xW;XBvTw=1uZ)!GDk1a@oo$ z2E_ZPV&it>Y^kX@sVx${ghK!G$B%4JaYXs(1dkSewZT;|XGlM5d!k$N+-Dc{FX%Xq zr)s0soT}u*c;Ke*u`B3lVYVl@>j_H%smn9HLwQ`*c&J*^Vz%gSF|nqi*%A@;)4!NT z_bTaMel57gl$V_BmxNc~xzm}^x3Rxy3)NzfPj6Ij{r(eRr^3D9ZAk@61bxuc&%8J{ z^TKM+F1;Id1v+O!)uZYA`^`#Fc(cj94k_vTX3Kg~A6~l#hvTT+u&}Y+mwa7RX&c_90lfb z%9Lp^LG*j@XdZ)g-L&#d+v-lZ;%qO<29`)!UopsHdYS4o5(>ETWF&AqsvkU zpNgh^$HNn8j;u9mg=1f;^0HafwMfjg5q3PaxcX6`EMkjIginm2DqLPF{|U!qlr&zh(rn^;<)RP`zITNb+yUz#*{E zjvNz-vRN&z*#~C{11|=?151Z>-L7flcUR{I7IV%;&W;Jvxx)%;zUtu4m%% z1wmUB0G(_J;`pB zo!p)&`@^39iQM9aGri}omCMcIecA3<#s-lp^stZ1I6?B``)Vcqd-6zDEgB(>wayi_ zpyY}8$-KC+7Z66z-Gi)qjf7RX8NZ_mNjdv7+q?0QOjoMNkk5tjlN;rW9(My~8+?V$`eGiN8E8T$Twgw17Uq*8O{BM>9enQ#5uBYbM8PQFYHmF1_+`6(0Z7YBK$aBbM}X zop?v6r|V;}fXk8mo!jf}r1H%hlGS;y2huznzsUZVH#&rUuJd;2!M$gS8_?l2V9XDq zXKoQcC&J#Gw1upPvE3?qw6r_ksKsUJ1x%%tCPn7Lwq&|I!@pK;-V-T|r3qGk(f0KD zsf{KCmWh}bhStS0`~w_bT~(O`@tmhzG{kjJ+Fpkx1h35g4IU+Z95~`pq{_Bbb zrwAgiTW&Vl;tpP#U$2`^pJ4?#cf0dKTDr5WB|K7kcSgRDP{(lG2p5Jih{aY|ymOPN z{tuhle>{SCHTVP-lv%aQGCs^u3%ubgF!u5j0FaOy983#Hl1$WSW05=n)9Q^>y@Jlxv<)r~ul~dJHsOwn$w4Y7loLj6f7b6v?5yHU zgC?_W)%CQ9Fdk^QPz<$O4dO-5OL4Naizk(l)=K65{>-eAs(0^ZOC^ap0*=3 zF(8WfikT6TXcVd;zDuRWOFnF`1QUdM|2aHv5mTVIWblM6$>~b$g}0yl_a`Ui>%Dez 
zwx2q{-3tX@=oT*e%$dnkr+*VescBH&{1qWWI80{GLY_j~$Q8WmxynGXrzo+5WymF-Z8q6x-V9OZm{E1b85FCQE4c zMSP6!siWM}r?1yQt{{_}?z74%IiBy4*4_XTG7nb_mWD_wq+sWo?)zROSTrCJ0mSKujzqn=359`e9{_|qh|Ms~6 zYet(RffNeNvY#3Rrv3a&LNF%Z1N{nTHc^`{z_4va{U*LzCWf z!@OV2Hu1ThGnTSRRw4S%;n9je-IO}LF2)SWp=)XvIIca ziu=|_sYaz`-~F5K@Af0Y?lxrg+jH?A4sVy`z`@w~CFB=OkzZRM-Ork!&JzUd!*?>q zot?*J#+!d|TA;`}Ql3&HSII%R0tYZkJxxnbpX4Du-XUD*0S@M~F($G~ zaKNSJLxrA5zDJ;g{Gu;)JMSoRk}Ys^>6ApNu$VvPmESe?=>>ts5j{Wu*Xi*ueTQ18Rwyhnyo{|Y~$iF_+D#X zy)0ce+WDH%0#y5Qv&@)Fx8TA6Fg>gwtsl<+a_|DyFvBMjYQ812io5+^Aj1MN^Yp=~ z&ed+q`SBE$F3c{PO!6>YHSUxZHYTP4o6&huST^Kr={tQgyaD`c;Ahdw#tVs+L)N89 zdGmM_REYO$u9MS%+0$=pe#g~!8xQtB#BK@+!PF4MkwPF&&(BrtyQ+uck1YXY;@B^2 zpYnCLe7s!KrjAu9wFV}K2l(P!ul{+*9H5TT?u=>OfQx*KvOEg$RK}70_+*;BmYQ~X z;AHR6)V!->-@YZX;1#%Rbl0PMQ@lWVHpavicJPw8i#PWwJUoDzDLVRjpbx$GO~v`o zw$uR4?z#fNqeeERsM9msU9N6`GY>dn$}FjV1nm!Jc5AObV&0~sT{aMWHG01gJ8?CK zH~}mHu2?{NgqewFayNjzm>Vo@d7|RsFw0U0J|^n20iboT;45HJI)(dLh_8k#D*x`U zkD^8qkb1trTuZa|NSJ#{bCF54SxHOQJdnnGC*ogD@Be&T`GX?jK~3koPx+}cSprpK z9wLpy;Ff-xL$3M;-(EerT%)Ck9MR7{J8B~LJ~}h<-TWr~Ru>!D$bQY_0g8GI@NKsw zyx+i@AI!1oAoXLy&}$>_M_KDxLR%r_tzm`XZBH8rInJv9**NE;=uOn%(Yx7v+F|?e zN`uUYxF#o!XYAC`hyGzn$+2o?y0uiP=eIF zMzbo<5t?nX9M*4zuFCd$A{859BI@fOz}#5L?E3X9Zhhw{2~q-Af5Axj$o}T}V?#9? 
zrD5TWZ$`E zq`-NwADdjwCPUfJnQdAo8+g(%7V=4ZEIN_x<9j13J4>-fQXkME<2QAXRLSAQ4nPS3 zciq4}O2CsP@U9>JXd4Uc(2sNy?`9^>e+gfjI%xfQ7EhvOTHZt@c5FJBkp*6n~XxKCb`{XY+0j1^{~>kKSmbY~^-kq+o7% z%FIb5(K7pGWEg_tLKbL!s>olf-4Y zBOLBNQtdWU7VB5Qk1|`a4gy||Dcd*HQz9iD42i`L-qs!wbt%Zhj$D|t-K8PzF3LmB zk4@phRfX=DapW88;D(8=@K6u>*$nTlq*h|$lJ^<49- zBj*;S%GALnYmLvt@K?j9H=VIWm}WDSG!F>UeEDN~rV-DME^7_Qp>Ebg+11w9iw`2E zbl-alMe^43z|`D3sUYn!;jwXt2?tRUo&}ZoWA-*uq0VfPsL`5iTTbe zN^*MAc2$+Wbn_WU91%U|>bej9L>ksy7Sm0cSl6zk+BlP>b7@&&(cc}&>5;6Yu9Xb% zXp8Z7cY;3#Zaohl?1j5LB(%YtXUTpldDR2=>s^W=Kea#o`ghch@+r|Sqr9R~T;N{c z=uP~~GB2b*1dFZK!THYb!<|d3a70}~@eml(j2>to{G6?e0@MM@(L9trY}F8#a+V*s zS(0coRHc}a9yAH8weZD78O-D>gPw~wd@ee^k3W+h?YlW2E6?TcQ+K69P)(*-Ywkn# z$ihgg89ZSrZtR=*+=R`8m>Amx9SSe!M2uy3nAXMZ1sI_22bEG7N>7`f)%{M*RjFlin2ZpkYF zAN6|dW#&HRqN$$qU}5hNb#30AlqdQnKo_Q;D{H&IlgThVpHvLX{I~;mCb@QwJkaOG zAnBv#-J{e`hdCpqY`v-$e|(_{o-Esb_YjU9K7Y_L*4P=P_wo9ymd~EclH^icZa&pk z&gceCfXgAejL=|*yEE~)gVev#&W!&3r6oSvBEwYhXYEr}K1b8#0P$4Bs)t%so(V{p z#BM8_&T;b4aL?Qt8mjki*VFgSxVoI6Eu@YzI_n0UQIgToKr3I`iHV^F%do1 z-k@P;=_=`){Lt#F8Tr|%FuZtfmt%AAJijCjt6h|X6aa?2*%9lr5Y51Z3*e@@cC_)) zV-D^wh2-SBdK$^sPEX|5rsDZ~x8nZ(`P28+bKV?+!S)|=O!s5j!|>Wqz&@j5#AElJ zb4OQ!gVZTG!Y`ZJtK32NuEM201|B)rzhKr~m5CHI4(2>g511;odR_sO1h@Z4h&2qA=De7|!z!#xGq zLrxmvb`vH*oZe@CDo|4Ft4XK7?Nay6yadMYDJKGsB*2;lrK3^9cRWCs)Gw?)OB}96 ze4LS4Bu?}_wOZ`%7$T83^Iix}6`gdgCmflA;pOC@TDR|oo@}TWfA`4$CB*X7O-`rg zS7&T*H=WTYY`Coj6FFkMUenKQjADlm(?X>m~ zQlz{(w)58ZdSQ4SiHIYdb4D?hH|=-0UfllmV=4M>vvm3jaCZp72+p>WcU6Nu8cFN( z>(ma`QXj@e(5J>7G>|azqeM_F^CM)_{ZrcGo-}9v-zt0R$iDgL#xWt`@o-(Nzj`EJ zcc)mbKvnpkzo zT{W?^-F>A#@Zg7mmvHpd*hqU<^4lwlNMI*GFzT3ROk(&VPPAQ>)kGoSk2y$+ewz)d zciw3hW=OOuUm}UTdNb_#MgN5@5Z{W#K7Q)XbeAit8kTdk=A%g)!6v0EadU%gc6up* zswn@E=2cnF!Hx$!E|u&UBG#r+Y(P}xm$1c1Na<>zi>lJKyfb7T7(rW->|OsQqMu*$ zS5JNCU3fWrzN9|1%i(3%{v(@BJrGn>YlJ0VBYCBr1a)uGeN1`VB zs1rEB=k#49k)cTnZX|z;`U}*SJ?{KmTze^q?_xw}>T^-F;9NiYr%6p*%&;`rk*o7Q z7k5zbAd!mOl^9@ayE$c+7;{h@{U=0{Ut6P&!F@JV zlcgM2cfU#qwe_(8+f){c-y-! 
z4M*fqM*Kl(Yqab_&9bfscD2%F#Pv@(-LZ=I|R_@~^n4;ghNE(jncBc996U`RUyaTd&%AzYxG@!H?H; zIGNNQRlPaMh_yK!3yX98W*S#W+ofZ_B9I|9y=*JAFL~&D1CiN=U$6XMi~ur@I$7X- zAZ^eX4IKkPxgoG;i6G4SGTVXbJecrPvD#m^tOK;5dy?}Bh>BqHG{(Uwd!IGCC-)@V zAcJ}k^FhZPe4L0^Of?6)2{o^e_})GMf@v7ruYz8ge)!c>Ue8`J_jzX952!%S%=@dZCr@%EoW=5*2{=`63L;IYFJ@Vu3 zHcZdm+f=E76IE9`IPSf+5`=~!v20R_F>iv_cDi-w7zwd62|mYbJ9-_n&*mI#x-7~A zQhM41qB~J~+Hz2a4D5I{IBV>H46ZV52JQZBCRaBZLz{>PE7F|xS~Vyg0p2_!7G@2j9Zbh@?>_XpQF%hqI)y~7}dpYD)I+_Y2c>k%SmqReM zOrA_CGtoDG3%v1qP4~$NLzDS!(lf5J+sQ&;L#04rUPKVz7OzZ%J)WRS0E~&px%A8+ zWRr3Rk5j16sWyK_=gfjo=;fZqJ~bYm`;%KSI_cb&(zU_z42bDuB6xY#YdSY5ZL-=@ zfa;ilIb~VjS={U1{JpRh=tV}?Rh5jkdQRF(n>BsE-6zk3?@G#VJYNWfHp1A=Ig7_s zYiW`g3mg#RyevJ>w!7Ni*ght=)vXC>`bHB(yDEA4_MuGVROQtqdd*aWivbL5Z|9hywH|4ixpY&NgzWd+|< z87nVsLR7E++VPhojY!Ds(Al{0jYI83uWFD(Iv4s0GDygk>YM+u+a=V!d}Nc8Z^+-L zJYc2SA(7=R$5Jx>cunaNyNitT_tUz}&;9t~U!T?kxY6s+;QFD?!;m*Yupw(jT-FHm zAt-rk=SpJKTbZ#yfDa$aLz=Um~rRVC=Q>$=0aE^Yfrgh-BJ?>?qom< zH3U9PX-Q+<&Jzz8VY#hp(`{jx9Bqx%9a{ung6YmQmY$Z9POB5yXWpB8fM(2jSy5>4 zFe~~!UwqK)dYd3HAP*f9DN|azZyAPG-0wCk3ClfgW+p5b66<=aB%U{ZdBRcXcvhS( z|D*ek=bZDpFo{wKC2P6eo;VIK2s4L*VV;&{oz`BMbx%Hvxtce^ zl`|$O|Er!T<~lCyaqvC8A?CH|9%gD$XN4$uK(IkI>0-kt)TY6iJP-x^H+fxX7j-h_ z9K7%>4?dL$;`a&E=Q@u5O#7@gRG6_}GmM7S?4OY)9tuPhnY7+z@Z1f|zO$pWaU`5> zIse5~z^Cp<3A#Dl>n3p15;E-jpGca4UjUcXu;fh$EDI5R4^uW3cQZm!J|5y{LzmD8 zeSi$2njuSr8`m8jSJT8p7)$g;ywkJ=@Y2p)mMH0t1@Ml_1L}7WKiDHJ>?E-P5I{W( z-Ehz%+hO@3Jd*py0J1o{NHOvs!^Pw@`) zh@`oXKLj!9erL2q9f$y)`GQXer;SD{u@JvfT`x>E1jBVTV&f{gT!Ye;f6UmQ#_L~V zCxDvwTl_2wYmUbT=s_jcHG~-}KW#<#!k^INyv~k*FKOl8&?~QOt}TDg`@$BFTMpVTi|&U zZQeq&*s!%S5Mi~K=TrFIR*2Mg6dX!{rFnJg2D&wI*HXG=|Q<^QK;GJoO~UK$M#tW5ID$>_sdzUdx-JT``0+BYCGp6 z>xG1C>S2K(i`&w~$C9@9RN{ZBpnZy-7oDj7NP}zYVu4_aN=gUcIqD?S^pv-xJ8bpy zZ|&LR+8CriIbiLt1(H>B>ggg3>?hU8|?nBs7e zObwXioX&z(E20Yfij7bcV~C4;nAO_b^};)kP><7NL&#Wj^LI~FEwwQK9~Xd@(?~9V zmLA9_-cgR6SL`$7{Qmc7&Y23#9w)JFL)Ad@p9wT{k;>uY9Q7aJC+TV~;B)n9L0d2c zgF;$MHXHykZD%h?y|8+QS!8bElfxY6VgsEUw}cS1%+(muzIOn=;s)(VMBaEo)?aLWGCP*fbE?LG&O5Vm 
z#42W}wQs9Cd`+_bFl)kluL^KUJ>KH5tR2=~d2kCSAqU(`tW7D^>n6Pfg@8X14X2kF z;{V(#p9zipTAU1#oB*2pqw9-}qpc%S zTgFoKJB!Z zPts|ENcI8~-@E9|TVpYBT#_fI6;r# zvSASN#c8d3dH)e-T!9F*7#M`=AkpF7QD&9-ciOFO_9fHp=X+6o#cT1_NT7Pvlu6rv zJyaZ^mtCymhfD$GsyIoY|J#r0Rna#76~!o`h3 z|4$Yj4zSUetzWO^pw6Foz#@wpblpI1Q)See@yd7DO1&u1s{=8d8qMvwr3f#g?_^ki zG>|(`Jp8P4`{89jTXwZO11`jaTTLFwFpJj31T|4+ahjy^E%TnJR)*a)eYW#&*-cCMF#%93cf^o75sgb$OQbSw0U z%--~d!sRm=tO5f%xUX2c@j6Luk`QFSRQGG*vQzIe5E;R<9D)68zfyP)H|0^`om*Xq z&+aSMTKS#@q}Bi_L+)!tou7*iMNtRGs?=7wX?gY?K?R?_ozW8ELOw+brg%#VkQ zyq5-|Wr3#&=;vKvysn?JAW>AN1NNHET<6$9FgZYO)Bh_4q!s<&QfRv?zURhT4HtK` S8G#H(kfE*_r1qXe)c*m%txAdj literal 0 HcmV?d00001 diff --git a/doc/source/about.rst b/doc/source/about.rst new file mode 100644 index 0000000..c782f69 --- /dev/null +++ b/doc/source/about.rst @@ -0,0 +1,18 @@ +About the registry +================== + +RDO uses an `OpenShift standalone registry`_ which is more or less the upstream +for the `Atomic Registry`_ project. + +We chose to use the OpenShift standalone registry because it provides features +that ``docker-registry`` and ``docker-distribution`` do not have out of the box. + +Some reasons and features include but are not limited to: + +- Being able to list images in the registry: ``oc get imagestreams`` +- Provide a web interface to browse and manage images in the registry +- Built-in authentication and access control (ACL) with GitHub oauth support +- Dogfood the OpenShift standalone registry use case and establish a feedback loop with OpenShift developers + +.. _OpenShift Standalone registry: https://docs.openshift.com/container-platform/latest/install_config/install/stand_alone_registry.html +.. _Atomic Registry: http://www.projectatomic.io/registry/ diff --git a/doc/source/conf.py b/doc/source/conf.py new file mode 100644 index 0000000..2e1be6d --- /dev/null +++ b/doc/source/conf.py 
@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+# Copyright 2017 Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import sphinx_rtd_theme
+import pbr.version
+version_info = pbr.version.VersionInfo('rdo_container_registry')
+
+sys.path.insert(0, os.path.abspath('../..'))
+# -- General configuration ----------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = [
+ 'sphinx.ext.autodoc',
+]
+
+# autodoc generation is a bit aggressive and a nuisance when doing heavy
+# text edit cycles.
+# execute "export SPHINX_DEBUG=1" in your terminal to disable
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'RDO container registry'
+copyright = u'2017, Red Hat'
+author = 'RDO Community'
+
+# The short X.Y version.
+version = version_info.version_string()
+# The full version, including alpha/beta/rc tags.
+release = version_info.release_string()
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+add_module_names = True
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# -- Options for HTML output --------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. Major themes that come with
+# Sphinx are currently 'default' and 'sphinxdoc'.
+html_theme = 'sphinx_rtd_theme'
+html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+html_static_path = ['_static']
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = '%sdoc' % project
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass
+# [howto/manual]).
+latex_documents = [
+ ('index',
+ '%s.tex' % project,
+ u'%s Documentation' % project,
+ u'Red Hat', 'manual'),
+]
+
+# Example configuration for intersphinx: refer to the Python standard library.
+#intersphinx_mapping = {'http://docs.python.org/': None}
diff --git a/doc/source/index.rst b/doc/source/index.rst
new file mode 100644
index 0000000..51ff9e5
--- /dev/null
+++ b/doc/source/index.rst
@@ -0,0 +1,15 @@
+Welcome to the RDO Container Registry documentation !
+=====================================================
+.. image:: _static/openshift_rdo.png
+
+Table of Contents
+=================
+
+.. toctree::
+ :maxdepth: 3
+
+ About the registry
+ Installing the registry
+ Managing the registry
+ Using the registry
+ Troubleshooting the registry
diff --git a/doc/source/installing.rst b/doc/source/installing.rst
new file mode 100644
index 0000000..6414439
--- /dev/null
+++ b/doc/source/installing.rst
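Review bot: In doc/source/conf.py the comment after the `extensions` list says to run `export SPHINX_DEBUG=1` to disable autodoc, but nothing in the new file reads that variable and `sphinx.ext.autodoc` is enabled unconditionally, so the comment describes behaviour the file does not have. Either drop the comment or gate the extension, for example `extensions = [] if os.environ.get('SPHINX_DEBUG') else ['sphinx.ext.autodoc']`. Separately, `htmlhelp_basename` and the LaTeX target name are derived from `project`, which contains spaces (the target becomes `'RDO container registry.tex'`); file names with spaces can cause trouble in LaTeX builds, so a fixed space-free basename such as `'rdo-container-registry'` would be more robust.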
@@ -0,0 +1,12 @@
+Installing the registry
+=======================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+::
+
+ pip install git+https://github.com/rdo-infra/rdo-container-registry
+ export RDO_GITHUB_CLIENT_ID=oauth_client_id
+ export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
+ tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
+ tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml
diff --git a/doc/source/managing.rst b/doc/source/managing.rst
new file mode 100644
index 0000000..6b603bf
--- /dev/null
+++ b/doc/source/managing.rst
@@ -0,0 +1,29 @@
+Managing the registry
+=====================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+.. note:: These operations are done directly on the master
+
+::
+
+ # Grant superuser privileges to a user once he has logged in at least once
+ # https://docs.openshift.com/container-platform/3.5/admin_guide/manage_authorization_policy.html
+ oc policy add-role-to-user cluster-admin dmsimard
+
+ # Create project
+ oc new-project tripleo \
+ --description="TripleO container images for trunk and continuous integration" \
+ --display-name="TripleO container images"
+
+ # Create service account, make it admin of the project
+ oc create serviceaccount tripleo.service -n tripleo
+ oc policy add-role-to-user admin system:serviceaccount:tripleo:tripleo.service -n tripleo
+
+ # Retrieve service account token for image pushes (for CI and things like that)
+ oc describe serviceaccount tripleo.service -n tripleo
+ oc describe secret tripleo.service-token- -n tripleo
+
+ # Allow authenticated users to browse the TripleO project
+ # Note: https://github.com/cockpit-project/cockpit/issues/6711
+ oc policy add-role-to-group registry-viewer system:authenticated -n tripleo
diff --git a/doc/source/troubleshooting.rst b/doc/source/troubleshooting.rst
new file mode 100644
index 0000000..36968b3
--- /dev/null
+++ b/doc/source/troubleshooting.rst
@@ -0,0 +1,30 @@
+Troubleshooting the registry
+============================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+::
+
+ # Logs for the origin-master process
+ journalctl -u origin-master --follow
+
+ # Note, commands using -n default is to select from the default namespace
+
+ # List routes, pods and services
+ oc get routes -n default
+ oc get pods -n default
+ oc get svc -n default
+
+ # Dump configuration of things
+ oc export routes -n default -o yaml |less
+ oc export pods -n default -o yaml |less
+ oc export svc -n default -o yaml |less
+
+ # Follow logs from running pods
+ oc get pods -n default
+ oc logs -f -n default (ex: oc logs -f -n default docker-registry-1-xgxqb)
+
+ # Execute a command in a running pod
+ oc get pods -n default
+ oc exec -n default (ex: oc exec -n default docker-registry-1-xgxqb ls)
+
diff --git a/doc/source/using.rst b/doc/source/using.rst
new file mode 100644
index 0000000..524226f
--- /dev/null
+++ b/doc/source/using.rst
@@ -0,0 +1,635 @@
+Using the registry
+==================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+Pulling containers
+------------------
+
+``docker pull trunk.registry.rdoproject.org//(:)``
+
+Examples::
+
+ docker pull trunk.registry.rdoproject.org/tripleo/centos-binary-base:latest-passed-ci
+ docker pull trunk.registry.rdoproject.org/developer/centos
+
+Pushing containers
+------------------
+
+Before you can push containers, you need to log in to the registry using
+the ``docker login`` command.
+
+In order to use the ``docker login`` command, you need to obtain a token first.
+This token is obtained by logging on to the `registry console`_.
+
+In order to log in to the registry console, you need to be a member of a
+specific `GitHub team`_ which grants the required access.
+
+After you have successfully logged in to the console, the home page will provide
+the login command that you can copy & paste, it looks like this::
+
+ docker login -p abcdef_token -e unused -u unused trunk.registry.rdoproject.org
+
+Afterwards, you may push container images to projects in which you have the necessary
+privileges, for example::
+
+ docker pull docker.io/centos
+ docker tag docker.io/centos trunk.registry.rdoproject.org/myproject/centos
+ docker push trunk.registry.rdoproject.org/myproject/centos
+
+.. _registry console: https://console.registry.rdoproject.org
+.. _GitHub team: https://github.com/orgs/rdo-infra/teams/registry-rdoproject-org
+
+Using the OpenShift origin client
+---------------------------------
+
+The OpenShift origin client allows you to query the registry to list images or
+get image metadata information.
+
+To install the OpenShift client::
+
+ # On Fedora
+ dnf -y install origin-clients
+
+ # On CentOS
+ yum -y install centos-release-openshift-origin
+ yum -y install origin-clients
+
+If you have an account
+~~~~~~~~~~~~~~~~~~~~~~
+
+If you have an account and are able to log in to the `registry console`_, it
+will provide a login command that you can copy & paste, it looks like this::
+
+ oc login --token abcdef_token registry.rdoproject.org:8443
+
+You will then be able to use ``oc`` commands against the projects you have access
+to.
+
+If you do not have an account
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you do not have an account and you are not able to log in to the
+`registry console`_, you will only be able to list container images for
+projects that are *public* (*anonymous*).
+
+You will need to create a configuration file in order to tell your OpenShift
+client where the OpenShift cluster is located in order to send it's queries.
+
+This configuration file is located at ``~/.kube/config`` and needs to look like
+the following::
+
+ apiVersion: v1
+ clusters:
+ - cluster:
+ server: https://registry.rdoproject.org:8443
+ name: registry-rdoproject-org:8443
+ contexts:
+ - context:
+ cluster: registry-rdoproject-org:8443
+ namespace: default
+ kind: Config
+ preferences: {}
+
+You will then be able to use ``oc`` commands against projects that are made
+public or anonymous.
+
+Listing containers
+~~~~~~~~~~~~~~~~~~
+
+The OpenShift client has the ability to list available container images in a
+project over CLI::
+
+ oc get imagestreams -n tripleo
+ NAME DOCKER REPO TAGS UPDATED
+ centos-binary-aodh-api 172.30.132.198:5000/tripleo/centos-binary-aodh-api latest 2 hours ago
+ centos-binary-aodh-base 172.30.132.198:5000/tripleo/centos-binary-aodh-base latest 2 hours ago
+ centos-binary-aodh-evaluator 172.30.132.198:5000/tripleo/centos-binary-aodh-evaluator latest 2 hours ago
+
+.. note:: Note that the DOCKER REPO field contains an internal URL.
+ This will be improved to show the public registry endpoint in a + future version of OpenShift, in the meantime, you can substitute that + URL by ``trunk.registry.rdoproject.org``. + +Image metadata +-------------- + +With the OpenShift client +~~~~~~~~~~~~~~~~~~~~~~~~~ +``oc describe imagestreams`` or ``oc describe is``:: + + oc describe imagestreams centos-binary-aodh-api -n tripleo + Name: centos-binary-aodh-api + Namespace: tripleo + Created: 23 hours ago + Labels: + Annotations: + Docker Pull Spec: 172.30.132.198:5000/tripleo/centos-binary-aodh-api + Unique Images: 4 + Tags: 4 + + latest + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + 23 hours ago + + 38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e + 22 hours ago + + 87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae + 23 hours ago + + latest-passed-ci + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665 + 22 hours ago + +``oc describe imagestreamtags`` or ``oc describe istags``:: + + oc describe imagestreamtags centos-binary-aodh-api:latest -n tripleo + Name: sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Namespace: + Created: 23 hours ago + Labels: + Annotations: openshift.io/image.managed=true + Docker Image: 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Image Name: sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Image Size: 237.1 MB (first layer 72.29 MB, last binary layer 545 B) + Image Created: 24 hours 
ago + Author: + Arch: amd64 + Command: kolla_start + Working Dir: + User: + Exposes Ports: + Docker Labels: + build-date=20170529 + build_id=1496093093 + kolla_version=4.0.0 + license=GPLv2 + maintainer=TripleO Project (http://tripleo.org) + name=aodh-api + rdo_version=87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f + vendor=CentOS + Environment: + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + KOLLA_BASE_DISTRO=centos + KOLLA_INSTALL_TYPE=binary + KOLLA_INSTALL_METATYPE=rdo + PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ + +With Skopeo +~~~~~~~~~~~ +Skopeo_ is a tool from `Project Atomic`_ that allows you interact easily with +Docker registries. + +For example, it allows you to inspect metadata remotely without downloading +the image first:: + + skopeo inspect docker://trunk.registry.rdoproject.org/tripleo/centos-binary-aodh-api + { + "Name": "trunk.registry.rdoproject.org/tripleo/centos-binary-aodh-api", + "Tag": "latest", + "Digest": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "RepoTags": [ + "latest", + "38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f", + "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "latest-passed-ci" + ], + "Created": "2017-05-29T21:29:21.715464885Z", + "DockerVersion": "1.12.6", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + }, + "Architecture": "amd64", + "Os": "linux", + "Layers": [ + "sha256:dd6405a9d6445ac370348c852c1d28dbdbbbefca4a40f5a302d02ea59488023d", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + 
"sha256:2cd7b6008767ea2a93ac3d0ab8b034a008f74e4ad6cbefcdae1132ed0cd9357e", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:0f9e56455f34aceaba55c30e37223ecc9c78a699665e666949fe46f4522553c2", + "sha256:2e83a0b6361f9d4a4ff6d34622f856ef853d5fb5d69380a2ce725da479a3a1bd", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:bf6f0cf0995e7369a7cb3fc4de97a1252a9a33cce553971b68be89798f54a3c0", + "sha256:72be68d311b8dfd0328e46ef8561fc4e8a44e3aa12d47e87332c1bdfb581398a", + "sha256:bd2e425390db662ed28bc21372c7fa0256d130e55f7bf8ec6339fc41fa1d166c", + "sha256:7020914f6824dda8830b3dbb559500e41cfb6de2c0c85b94ce8e42d874cad2b4", + "sha256:c4f089101f2cebb3f9b57259fbe73137a1a1181f9eedc408f41b1392912e7c82", + "sha256:33abc8109d965f93c302c9811928b6ebdf9bb22339e2cbdd8dda32f0e6f64461", + "sha256:bddef0ebe7c602b3ea948d0d9fe0707d4ecb02e78e33de77af279e18829cc280", + "sha256:e83b73b2bea3e03313d3243240e7e30fd2ac585afbb57223053e1b658439b46c", + "sha256:a3ece904123ddd878bdbd88aa01817de01b79f481df9965b9a5cd4f56e529b72", + "sha256:54c91f9119b0a5e1925e3eb4c35df00268d99f76eace85b248c64b30ac896d1a", + "sha256:702759ec043e579a7a5634a6fc1010ecf567af91069928571e472e7a69cbf4fb", + "sha256:ea2620fc7ad861d9cf3f42cf6a4d73be4b25889a8a2610e854aefc508f5b5d0e", + "sha256:8d8ec19a2094876862b81a2194bbe72efcab2ad7b6f2a59f91d75056b8eef64d", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:da5c65ac8909f45a23d180f074a49d9b768d697d1db90dd79c813182c265ea80", + "sha256:1b403b81203da688a9add9c41291a87f8c8f08cac4244540b9e5f66d1db30a06", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", 
+ "sha256:68ebdcb67a8ebe7f7d525dbbfd85e989181c965b52441fc6ff1c1b1a41477f9e", + "sha256:b4a7f16092b091deff942a0a5cb5da27b63859d7af5422630f32a47f87f54bbf", + "sha256:b892f4c6c3b7e139dbe8d7e403c4558f5b424c5cf07a51ff5ab074c6201cd779", + "sha256:0fd273e790a9b2fc17d28ec6255094f5fe63a1576e54c208134c0435f1c1b2cc", + "sha256:73786d94d5dedd650ce3193adfa2b92502131e90287731ac6d26db5de1ae5d4d", + "sha256:fdcf22601cf27f222030e783f8755e11a1adb0dc949a7e735740e67c02548171", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:3f59f43f810c97c60d62f42c8779ad9aadecfb1647feb86630dcc444ab710995", + "sha256:bd7ad955318a78798da9d8b4c9ad4c683bf38dcd93db7b2f6a1c111e37b563ff", + "sha256:79743704eaad90ed9ce3a67fa1185babc3ffc9f015213831b659e67ed11704d5" + ] + } + +.. _Skopeo: https://github.com/projectatomic/skopeo +.. _Project Atomic: http://www.projectatomic.io/ + +With curl +~~~~~~~~~ + +For ``imagestreams``:: + + curl https://registry.rdoproject.org:8443/oapi/v1/namespaces/tripleo/imagestreams/centos-binary-aodh-api + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "centos-binary-aodh-api", + "namespace": "tripleo", + "selfLink": "/oapi/v1/namespaces/tripleo/imagestreams/centos-binary-aodh-api", + "uid": "a0c69ef8-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3600", + "generation": 1, + "creationTimestamp": "2017-05-29T22:46:17Z" + }, + "spec": {}, + "status": { + "dockerImageRepository": "172.30.132.198:5000/tripleo/centos-binary-aodh-api", + "tags": [ + { + "tag": "latest", + "items": [ + { + "created": "2017-05-29T22:46:17Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "image": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "generation": 1 + } + ] + }, + { + "tag": "38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f", + "items": [ + { + "created": "2017-05-29T23:11:38Z", + 
"dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e", + "image": "sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e", + "generation": 1 + } + ] + }, + { + "tag": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "items": [ + { + "created": "2017-05-29T22:46:31Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae", + "image": "sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae", + "generation": 1 + } + ] + }, + { + "tag": "latest-passed-ci", + "items": [ + { + "created": "2017-05-29T23:11:24Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665", + "image": "sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665", + "generation": 1 + } + ] + } + ] + } + } + +For ``imagestreamtags``:: + + curl https://registry.rdoproject.org:8443/oapi/v1/namespaces/tripleo/imagestreamtags/centos-binary-aodh-api:latest + { + "kind": "ImageStreamTag", + "apiVersion": "v1", + "metadata": { + "name": "centos-binary-aodh-api:latest", + "namespace": "tripleo", + "selfLink": "/oapi/v1/namespaces/tripleo/imagestreamtags/centos-binary-aodh-api%3Alatest", + "uid": "a0c69ef8-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3600", + "creationTimestamp": "2017-05-29T22:46:17Z" + }, + "tag": null, + "generation": 1, + "image": { + "metadata": { + "name": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "uid": "a0c7a764-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3098", + "creationTimestamp": "2017-05-29T22:46:17Z", + "annotations": { + "openshift.io/image.managed": "true" + } + }, + "dockerImageReference": 
"172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "dockerImageMetadata": { + "kind": "DockerImage", + "apiVersion": "1.0", + "Id": "11e27e00f85f340a8ad1e9e2330dc61b80f3ea962db9c468c7776a21f6ceee00", + "Parent": "ad9dfe0c7ccc21ff769cb644a30f88f8ddad536fec46664a23537cf91cadc33e", + "Created": "2017-05-29T21:29:21Z", + "Container": "f019f8ffc684ac4a9ed476d2ef53cf4612e7a4889ae7bc6e0c32d1743b524753", + "ContainerConfig": { + "Hostname": "dfa0e46aa7ac", + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "KOLLA_BASE_DISTRO=centos", + "KOLLA_INSTALL_TYPE=binary", + "KOLLA_INSTALL_METATYPE=rdo", + "PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + ], + "Cmd": [ + "/bin/sh", + "-c", + "chmod 755 /usr/local/bin/kolla_aodh_extend_start" + ], + "Image": "sha256:b2c4694ba4d018bbfe55f5546091684bbe51e14f18b5aa53aaaff24d81b07c61", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + } + }, + "DockerVersion": "1.12.6", + "Config": { + "Hostname": "dfa0e46aa7ac", + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "KOLLA_BASE_DISTRO=centos", + "KOLLA_INSTALL_TYPE=binary", + "KOLLA_INSTALL_METATYPE=rdo", + "PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + ], + "Cmd": [ + "kolla_start" + ], + "Image": "sha256:b2c4694ba4d018bbfe55f5546091684bbe51e14f18b5aa53aaaff24d81b07c61", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": 
"87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + } + }, + "Architecture": "amd64", + "Size": 237061207 + }, + "dockerImageMetadataVersion": "1.0", + "dockerImageLayers": [ + { + "name": "sha256:dd6405a9d6445ac370348c852c1d28dbdbbbefca4a40f5a302d02ea59488023d", + "size": 72292482, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:2cd7b6008767ea2a93ac3d0ab8b034a008f74e4ad6cbefcdae1132ed0cd9357e", + "size": 22717, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:0f9e56455f34aceaba55c30e37223ecc9c78a699665e666949fe46f4522553c2", + "size": 266, + "mediaType": 
"application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:2e83a0b6361f9d4a4ff6d34622f856ef853d5fb5d69380a2ce725da479a3a1bd", + "size": 528, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bf6f0cf0995e7369a7cb3fc4de97a1252a9a33cce553971b68be89798f54a3c0", + "size": 2023, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:72be68d311b8dfd0328e46ef8561fc4e8a44e3aa12d47e87332c1bdfb581398a", + "size": 1598, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bd2e425390db662ed28bc21372c7fa0256d130e55f7bf8ec6339fc41fa1d166c", + "size": 1621, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:7020914f6824dda8830b3dbb559500e41cfb6de2c0c85b94ce8e42d874cad2b4", + "size": 5360567, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:c4f089101f2cebb3f9b57259fbe73137a1a1181f9eedc408f41b1392912e7c82", + "size": 5485035, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:33abc8109d965f93c302c9811928b6ebdf9bb22339e2cbdd8dda32f0e6f64461", + "size": 5370612, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bddef0ebe7c602b3ea948d0d9fe0707d4ecb02e78e33de77af279e18829cc280", + "size": 34553499, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:e83b73b2bea3e03313d3243240e7e30fd2ac585afbb57223053e1b658439b46c", + "size": 3923, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": 
"sha256:a3ece904123ddd878bdbd88aa01817de01b79f481df9965b9a5cd4f56e529b72", + "size": 596, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:54c91f9119b0a5e1925e3eb4c35df00268d99f76eace85b248c64b30ac896d1a", + "size": 546, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:702759ec043e579a7a5634a6fc1010ecf567af91069928571e472e7a69cbf4fb", + "size": 250, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:ea2620fc7ad861d9cf3f42cf6a4d73be4b25889a8a2610e854aefc508f5b5d0e", + "size": 27474, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:8d8ec19a2094876862b81a2194bbe72efcab2ad7b6f2a59f91d75056b8eef64d", + "size": 4838, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:da5c65ac8909f45a23d180f074a49d9b768d697d1db90dd79c813182c265ea80", + "size": 14847530, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:1b403b81203da688a9add9c41291a87f8c8f08cac4244540b9e5f66d1db30a06", + "size": 54587991, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:68ebdcb67a8ebe7f7d525dbbfd85e989181c965b52441fc6ff1c1b1a41477f9e", + "size": 2785, + "mediaType": 
"application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:b4a7f16092b091deff942a0a5cb5da27b63859d7af5422630f32a47f87f54bbf", + "size": 37298747, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:b892f4c6c3b7e139dbe8d7e403c4558f5b424c5cf07a51ff5ab074c6201cd779", + "size": 8871, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:0fd273e790a9b2fc17d28ec6255094f5fe63a1576e54c208134c0435f1c1b2cc", + "size": 359, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:73786d94d5dedd650ce3193adfa2b92502131e90287731ac6d26db5de1ae5d4d", + "size": 239, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:fdcf22601cf27f222030e783f8755e11a1adb0dc949a7e735740e67c02548171", + "size": 565, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:3f59f43f810c97c60d62f42c8779ad9aadecfb1647feb86630dcc444ab710995", + "size": 7184422, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bd7ad955318a78798da9d8b4c9ad4c683bf38dcd93db7b2f6a1c111e37b563ff", + "size": 546, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:79743704eaad90ed9ce3a67fa1185babc3ffc9f015213831b659e67ed11704d5", + "size": 545, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + } + ], + "dockerImageSignatures": [ + "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" + ], + "dockerImageManifestMediaType": "application/vnd.docker.distribution.manifest.v1+json" + } + } \ No newline at end of file 
diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml
new file mode 100644
index 0000000..3a80c9d
--- /dev/null
+++ b/group_vars/OSEv3.yml
@@ -0,0 +1,54 @@
+---
+debug_level: 2
+
+# This is deployed on an OpenStack cloud which defaults eth0 mtu to 1450
+# The node mtu must be 50 less than eth0
+# https://docs.openshift.com/container-platform/3.5/admin_guide/sdn_troubleshooting.html#builds-on-a-virtual-network-are-failing
+openshift_node_sdn_mtu: 1400
+
+# Version and deployment type
+openshift_deployment_type: origin
+deployment_subtype: registry
+# openshift_release 1.5.1 is only available in -testing and fixes known issues
+openshift_repos_enable_testing: true
+openshift_release: v1.5.1
+
+# Identity: GitHub oauth
+# Application name: "OpenShift Docker Registry Console"
+# Application home page: "https://registry.rdoproject.org:8443/"
+# Application description: "OpenShift Docker Registry Console"
+# Application callback URL: "https://registry.rdoproject.org:8443/oauth2callback/github"
+openshift_master_identity_providers:
+ - name: github
+ login: true
+ challenge: false
+ kind: GitHubIdentityProvider
+ clientID: "{{ lookup('env', 'RDO_GITHUB_CLIENT_ID') |default(None, true) }}"
+ clientSecret: "{{ lookup('env', 'RDO_GITHUB_CLIENT_SECRET') |default(None, true) }}"
+ teams:
+ - rdo-infra/registry-rdoproject-org
+
+# Endpoint DNS and SSL
+openshift_master_cluster_public_hostname: registry.rdoproject.org
+openshift_master_default_subdomain: apps.registry.rdoproject.org
+openshift_master_overwrite_named_certificates: true
+openshift_master_named_certificates:
+ - certfile: /etc/letsencrypt/live/registry.rdoproject.org/registry.rdoproject.org-fullchain.pem
+ keyfile: /etc/letsencrypt/live/registry.rdoproject.org/registry.rdoproject.org-privkey.pem
+ names:
+ - registry.rdoproject.org
+
+# Note: using passthrough termination because reencrypt does not work
+# https://github.com/openshift/origin/issues/14249
+openshift_hosted_registry_routehost: trunk.registry.rdoproject.org
+openshift_hosted_registry_routetermination: passthrough
+openshift_hosted_registry_routecertificates:
+ certfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-fullchain.pem"
+ keyfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-privkey.pem"
+
+openshift_hosted_registry_console_routehost: console.registry.rdoproject.org
+openshift_hosted_registry_console_routetermination: reencrypt
+openshift_hosted_registry_console_routecertificates:
+ certfile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-cert.pem"
+ keyfile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-privkey.pem"
+ cafile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-chain.pem"
diff --git a/host-preparation.yml b/host-preparation.yml
new file mode 100644
index 0000000..be0ef6b
--- /dev/null
+++ b/host-preparation.yml
@@ -0,0 +1,22 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+- name: Prepare host for an OpenShift Standalone Registry installation
+ hosts: nodes
+ become: yes
+ tasks:
+ - include_role:
+ name: host-preparation
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..9199cb0
--- /dev/null
+++ b/hosts
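Review bot: In group_vars/OSEv3.yml, `clientID` and `clientSecret` fall back to `None` through `|default(None, true)` when `RDO_GITHUB_CLIENT_ID` or `RDO_GITHUB_CLIENT_SECRET` is unset or empty, so a deploy started from a shell without those variables carries on with a blank OAuth client instead of stopping. How openshift-ansible treats a null secret is not visible in this commit, but neither a broken login flow nor a master config written with empty credentials is a good outcome. I would fail before anything is changed on the host, for example with a first task `- assert: {that: "lookup('env', 'RDO_GITHUB_CLIENT_SECRET') | length > 0"}` and the same check for the client ID. A short comment next to `openshift_repos_enable_testing: true` saying when it can be turned off again would also help, since it widens the package sources trusted on the registry host.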
@@ -0,0 +1,12 @@
+# Create an OSEv3 group that contains the masters and nodes groups
+[OSEv3:children]
+masters
+nodes
+
+# host group for masters
+[masters]
+registry.rdoproject.org
+
+# host group for nodes, includes region info
+[nodes]
+registry.rdoproject.org openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
diff --git a/letsencrypt.sh b/letsencrypt.sh
new file mode 100644
index 0000000..703e8d0
--- /dev/null
+++ b/letsencrypt.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+# Note: if generating certificates after OpenShift has been set up
+# oc scale --replicas=0 dc router
+#
+# oc scale --replicas=1 dc router
+
+yum -y install git
+
+# Retrieve letsencrypt and run it
+git clone https://github.com/letsencrypt/letsencrypt
+mkdir -p /tmp/letsencrypt
+
+for domain in registry.rdoproject.org trunk.registry.rdoproject.org console.registry.rdoproject.org
+do
+letsencrypt/letsencrypt-auto --renew-by-default \
+ -a standalone \
+ --webroot-path /tmp/letsencrypt/ \
+ --server https://acme-v01.api.letsencrypt.org/directory \
+ --email dmsimard@redhat.com \
+ --text \
+ --non-interactive \
+ --agree-tos \
+ -d $domain auth
+ sleep 1
+ # openshift-ansible gathers all keys and certs to /etc/origin/master/named_certificates
+ # Give them unique names so they don't overwrite each other.
+ pushd /etc/letsencrypt/live/${domain}
+ ln -s privkey.pem ${domain}-privkey.pem
+ ln -s cert.pem ${domain}-cert.pem
+ ln -s chain.pem ${domain}-chain.pem
+ ln -s fullchain.pem ${domain}-fullchain.pem
+ popd
+done
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..40d7ab3
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+pbr>=1.6
+ara>=0.5.0
diff --git a/roles/host-preparation/README.rst b/roles/host-preparation/README.rst
new file mode 100644
index 0000000..7ccf965
--- /dev/null
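Review bot: letsencrypt.sh has no `set -euo pipefail`, so when `letsencrypt-auto` or `pushd /etc/letsencrypt/live/${domain}` fails the loop carries on and the four `ln -s` calls run in whatever directory the script was started from. Adding that line after the shebang, quoting `"${domain}"`, and switching to `ln -sf` (a second run currently fails on the links that already exist) would make the script safe to re-run for renewals. The `git clone https://github.com/letsencrypt/letsencrypt` takes the default branch, and its `letsencrypt-auto` is then executed, presumably as root given the `yum -y install` above; checking out a reviewed tag, e.g. `git -C letsencrypt checkout <RELEASE_TAG>`, keeps what runs with those privileges reproducible. `-a standalone` and `--webroot-path` belong to different authenticators, so one of the two is probably unused and worth removing.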
+++ b/roles/host-preparation/README.rst
@@ -0,0 +1,16 @@
+host-preparation
+================
+
+This is an Ansible version of the necessary pre-requirements documented here:
+https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html
+
+It will:
+
+- Install the required packages
+- Start and enable NetworkManager
+- Set up the API, Registry and Console FQDNs to resolve to 127.0.0.1
+- Configure 172.30.0.0/16 as a trusted range for insecure registries
+- Configure the docker-network MTU (default: 1400)
+- Configure docker-storage-setup to format a block device and remount it as '/var/lib/docker' with the overlay2 storage driver
+- Run docker-storage-setup if /var/lib/docker is not yet mounted
+- Enable and start Docker
diff --git a/roles/host-preparation/defaults/main.yml b/roles/host-preparation/defaults/main.yml
new file mode 100644
index 0000000..8a5aa0e
--- /dev/null
+++ b/roles/host-preparation/defaults/main.yml
@@ -0,0 +1,40 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+host_preparation_domain: registry.rdoproject.org
+host_preparation_registry: trunk.registry.rdoproject.org
+host_preparation_console: console.registry.rdoproject.org
+
+host_preparation_packages:
+ - centos-release-openshift-origin
+ - wget
+ - git
+ - net-tools
+ - bind-utils
+ - iptables-services
+ - bridge-utils
+ - bash-completion
+ - docker
+ - NetworkManager
+ - pyOpenSSL
+
+# OpenStack (TripleO) clouds have a default MTU of 1450, we need to override
+# the 1500 default
+host_preparation_docker_mtu: 1400
+
+# It is expected that the host has an additional cinder volume/disk for the
+# storage of containers and images.
+# host_preparation_docker_disk: "/dev/vdb"
diff --git a/roles/host-preparation/handlers/main.yml b/roles/host-preparation/handlers/main.yml
new file mode 100644
index 0000000..b48a3bc
--- /dev/null
+++ b/roles/host-preparation/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+- name: Restart docker
+ service:
+ state: "restarted"
+ name: "docker"
diff --git a/roles/host-preparation/tasks/main.yml b/roles/host-preparation/tasks/main.yml
new file mode 100644
index 0000000..59e3323
--- /dev/null
+++ b/roles/host-preparation/tasks/main.yml
@@ -0,0 +1,120 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+- name: Intall pre-required packages
+ package:
+ name: "{{ host_preparation_packages }}"
+ state: "present"
+
+- name: Enable and start NetworkManager
+ service:
+ name: "NetworkManager"
+ state: "started"
+ enabled: "yes"
+
+- name: Ensure hostnames properly resolve to localhost
+ lineinfile:
+ dest: "/etc/hosts"
+ line: "127.0.0.1 {{ item }}"
+ insertafter: EOF
+ with_items:
+ - "{{ host_preparation_domain }}"
+ - "{{ host_preparation_registry }}"
+ - "{{ host_preparation_console }}"
+ - "{{ ansible_fqdn }}"
+
+- name: Configure Docker insecure registry for internal OpenShift subnet
+ lineinfile:
+ dest: "/etc/sysconfig/docker"
+ regexp: "^INSECURE_REGISTRY="
+ line: "INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'"
+ notify:
+ - Restart docker
+
+- name: Configure Docker MTU
+ lineinfile:
+ dest: "/etc/sysconfig/docker-network"
+ regexp: "^DOCKER_NETWORK_OPTIONS="
+ line: "DOCKER_NETWORK_OPTIONS='--mtu {{ host_preparation_docker_mtu }}'"
+ notify:
+ - Restart docker
+
+- name: Configure mounts fact
+ set_fact:
+ mounts: "{{ ansible_mounts | map(attribute='mount') | join(' ') }}"
+
+- name: Configure docker-storage-setup with a block device
+ copy:
+ content: |
+ DEVS={{ host_preparation_docker_disk }}
+ VG=docker-vg
+ STORAGE_DRIVER=overlay2
+ DOCKER_ROOT_VOLUME=yes
+ DOCKER_ROOT_VOLUME_SIZE=100%FREE
+ dest: "/etc/sysconfig/docker-storage-setup"
+ when:
+ - host_preparation_docker_disk is defined
+ - "'/var/lib/docker' not in mounts"
+
+- when:
+ - host_preparation_docker_disk is not defined
+ - "'/var/lib/docker' not in mounts"
+ block:
+ - name: Warn about using loopback device
+ debug:
+ msg: >-
+ 'host_preparation_docker_disk' was not defined, a temporary loopback
+ device will be configured for test purposes. This is not recommended
+ in production.
+
+ - name: Pause for warning
+ pause:
+ seconds: 10
+
+ - name: Create file for loopback device
+ command: dd if=/dev/zero of=/tmp/loopback bs=1M count=4096
+
+ - name: Set up loopback device
+ command: losetup -f /tmp/loopback
+
+ - name: Create docker-vg volume group on the loopback device
+ lvg:
+ vg: "docker-vg"
+ pvs: "/dev/loop0"
+
+ - name: Configure docker-storage-setup with a loopback device
+ copy:
+ content: |
+ VG=docker-vg
+ STORAGE_DRIVER=overlay2
+ DOCKER_ROOT_VOLUME=yes
+ DOCKER_ROOT_VOLUME_SIZE=100%FREE
+ dest: "/etc/sysconfig/docker-storage-setup"
+
+- name: Run docker-storage-setup
+ command: docker-storage-setup
+ when: "'/var/lib/docker' not in mounts"
+ notify:
+ - Restart docker
+
+- name: Enable and start Docker
+ service:
+ name: "docker"
+ state: "started"
+ enabled: "yes"
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/run_tests.sh b/run_tests.sh
new file mode 100755
index 0000000..d15f141
--- /dev/null
+++ b/run_tests.sh
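Review bot: In roles/host-preparation/tasks/main.yml the loopback fallback attaches the file with `losetup -f /tmp/loopback` and then hard-codes `pvs: "/dev/loop0"`; `-f` takes the first free loop device, so on a host where loop0 is already in use the volume group is created on an unrelated device or the task fails. The backing file also has a fixed name in world-writable /tmp and is written by `dd` under `become`, which means a local user can pre-create that path before the play runs. I would keep the image in a root-owned directory (the path below is only an example), register the device that `losetup --show` reports and pass that to `lvg`. The remaining tasks in the block stay as they are.

```yaml
    # … unchanged: loopback warning and pause tasks …
    - name: Create file for loopback device
      command: dd if=/dev/zero of=/var/lib/docker-loopback.img bs=1M count=4096
      args:
        creates: /var/lib/docker-loopback.img

    - name: Set up loopback device
      command: losetup -f --show /var/lib/docker-loopback.img
      register: host_preparation_loop_device

    - name: Create docker-vg volume group on the loopback device
      lvg:
        vg: "docker-vg"
        pvs: "{{ host_preparation_loop_device.stdout }}"
    # … unchanged: docker-storage-setup configuration for the loopback case …
```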
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+export RDO_GITHUB_CLIENT_ID=oauth_client_id
+export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
+
+function cleanup() {
+ # This is used so that openshift-ansible is not in CWD when initializing
+ # tox which makes it take forever to bootstrap the virtualenv
+ rm -rf openshift-ansible
+}
+
+# This runs on localhost but uses registry.rdoproject.org resources
+for host in registry.rdoproject.org console.registry.rdoproject.org trunk.registry.rdoproject.org
+do
+ if ! grep -q "127.0.0.1 ${host}" /etc/hosts; then
+ echo "127.0.0.1 ${host}" | sudo tee -a /etc/hosts
+ fi
+done
+
+# We'll be connecting on localhost over ssh, setup keypair authentication
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
+fi
+if ! grep -q "$(cat ~/.ssh/id_rsa.pub)" ~/.ssh/authorized_keys; then
+ cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
+fi
+ssh-keyscan -H registry.rdoproject.org >>~/.ssh/known_hosts
+
+cleanup
+tox -e ansible-playbook -- -b -i hosts host-preparation.yml -e "ansible_ssh_user=${USER}"
+cleanup
+tox -e ansible-playbook -- -b -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
+
+sudo oc get pods
+sudo oc get routes
+sudo oc get svc
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..2d3bf6b
--- /dev/null
+++ b/setup.cfg
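Review bot: run_tests.sh permanently changes the account it runs under, and nothing in the file says it is meant only for throwaway CI nodes: it generates a passphrase-less `~/.ssh/id_rsa`, appends it to `~/.ssh/authorized_keys`, appends to `~/.ssh/known_hosts` on every run and edits `/etc/hosts`. A header comment such as `# NOTE: modifies /etc/hosts and ~/.ssh (authorized_keys, known_hosts); intended for disposable CI hosts only` would make that explicit for anyone tempted to run it on a workstation. In the `authorized_keys` check the public key is passed to `grep -q` as a regular expression; `grep -qF` matches it literally.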
@@ -0,0 +1,44 @@
+[metadata]
+name = rdo-container-registry
+summary = rdo-container-registry
+description-file =
+ README.rst
+author = David Moreau Simard
+author-email = dms@redhat.com
+home-page = https://github.com/rdo-infra/rdo-container-registry
+classifier =
+ License :: OSI Approved :: Apache Software License
+ Development Status :: 4 - Beta
+ Intended Audience :: Developers
+ Intended Audience :: System Administrators
+ Intended Audience :: Information Technology
+ Topic :: Utilities
+
+[global]
+setup-hooks =
+ pbr.hooks.setup_hook
+
+[files]
+data_files =
+ usr/local/share/rdo-container-registry =
+ hosts
+ host-preparation.yml
+ letsencrypt.sh
+ usr/local/share/rdo-container-registry/roles = roles/*
+ usr/local/share/rdo-container-registry/group_vars = group_vars/*
+ usr/local/share/rdo-container-registry/doc = doc/source/*
+
+[build_sphinx]
+source-dir = docs
+build-dir = docs/build
+all_files = 1
+
+[upload_sphinx]
+upload-dir = docs/html
+
+[wheel]
+universal = 1
+
+[pbr]
+skip_authors = True
+skip_changelog = True
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..6a931a6
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,19 @@
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import setuptools
+
+setuptools.setup(
+ setup_requires=['pbr'],
+ pbr=True)
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000..ffc481d
--- /dev/null
+++ b/test-requirements.txt
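Review bot: The `[build_sphinx]` and `[upload_sphinx]` sections in setup.cfg point at `docs`, `docs/build` and `docs/html`, but the documentation added by this commit lives under `doc/source` and the tox `docs` environment builds into `doc/build/html`. As written, `python setup.py build_sphinx` would look in a directory that, judging by the diffstat, does not exist. Suggested values are `source-dir = doc/source`, `build-dir = doc/build` and `upload-dir = doc/build/html`.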
@@ -0,0 +1,3 @@
+sphinx<1.6.0
+sphinx-rtd-theme
+ansible-lint
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..8662374
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,42 @@
+[tox]
+minversion = 1.6
+envlist = py27
+skipdist = True
+
+[testenv]
+usedevelop = True
+install_command = pip install -U {opts} {packages}
+setenv = VIRTUAL_ENV={envdir}
+deps = -r{toxinidir}/test-requirements.txt
+
+[testenv:docs]
+commands = sphinx-build -W -b html doc/source doc/build/html
+
+[testenv:ansible-lint]
+commands =
+ bash -c "find roles/ -type f -regex '.*.y[a]?ml' -print | xargs -L1 ansible-lint"
+setenv =
+ ANSIBLE_CONFIG = {toxinidir}/openshift-ansible/ansible.cfg
+ PYTHONUNBUFFERED = 1
+whitelist_externals = bash
+
+[testenv:ansible-playbook]
+commands =
+ rm -rf {toxinidir}/openshift-ansible
+ bash -c "git clone https://github.com/dmsimard/openshift-ansible; pushd openshift-ansible; git checkout rdo; popd"
+ pip install -r {toxinidir}/openshift-ansible/requirements.txt
+ ansible-playbook {posargs}
+ rm -rf {toxinidir}/openshift-ansible
+passenv =
+ HOME
+ SSH_AUTH_SOCK
+ USER
+ RDO_GITHUB_CLIENT_ID
+ RDO_GITHUB_CLIENT_SECRET
+setenv =
+ ANSIBLE_CONFIG = {toxinidir}/openshift-ansible/ansible.cfg
+ ANSIBLE_CALLBACK_PLUGINS={toxinidir}/.tox/ansible-playbook/lib/python2.7/site-packages/ara/plugins/callbacks
+ PYTHONUNBUFFERED = 1
+whitelist_externals =
+ bash
+ rm
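Review bot: The `ansible-playbook` environment in tox.ini clones `https://github.com/dmsimard/openshift-ansible` at the moving `rdo` branch, pip-installs its requirements and runs its playbooks (run_tests.sh passes `-b`), so whatever that branch holds at run time executes with elevated privileges on the target host. Pinning the checkout to a reviewed commit makes the gate reproducible and narrows that exposure: `bash -c "git clone https://github.com/dmsimard/openshift-ansible && git -C openshift-ansible checkout <PINNED_COMMIT_SHA>"`. The `&&` also stops the run when the clone fails, which the current `;` chain does not. Separately, `skipdist = True` in `[tox]` looks like a typo for `skipsdist`, so tox probably ignores it.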