You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by DEHAY Aurelien <au...@faurecia.com> on 2018/11/09 10:30:19 UTC
Nifi Cluster & LDAP
Hello.
I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0 cluster.
I've used the toolkit to create the jks:
bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
I have then 3 directories, with a keystore (with Owner: CN=par01prdedge1.fqdn), a truststore and nifi.properties.
I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
Configured login provider to use the ldap configuration (which is working on other nifi instance)
Configure authorizers.xml to use:
- A ldap group provider
- A file user group provider with initial users identity for the 3 nodes of cluster
- A composite user group provider to use the 2 previous user group providers
- A file access policy with 3 nodes identity and the initial admin identity
I don't have ldap entries for my nodes, and I get the following error when I run the server on edge1.
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
at org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
It seems to find correctly is own identity, but not identity of others nodes.
I wonder how nifi locate node identity, do I have to create an entry for the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks of the 3 nodes?
I wonder if I should use the tls-toolkit in server mode?
I've read blogs post from
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup (but this one does not document how to create the jks)
with no luck, still wonder where is the problem.
Thanks for any pointer.
AurélienAurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex - France
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
RE: Nifi Cluster & LDAP
Posted by DEHAY Aurelien <au...@faurecia.com>.
Ok, my bad, forget my former mail
Works fine indeed, thank you very much.!!!
From: Pierre Villard [mailto:pierre.villard.fr@gmail.com]
Sent: vendredi 9 novembre 2018 11:55
To: users@nifi.apache.org
Subject: Re: Nifi Cluster & LDAP
I believe that in your access policy provider, you need to change
<property name="User Group Provider">ldap-user-group-provider</property>
with
<property name="User Group Provider">composite-configurable-user-group-provider</property>
So that you have both the File and LDAP providers.
Be sure to remove /home/faureciarun/nifi-data/configuration-resources/users.xml on all nodes before restarting because once it's been generated with the initial users/identities, it's not updated on next restarts.
Pierre
Le ven. 9 nov. 2018 à 11:42, DEHAY Aurelien <au...@faurecia.com>> a écrit :
Hello Pierre.
https://gist.github.com/zorel/3655188026b0355c8860030932884fa9
I’ve tried to comment edge2 and 3, but I have now the error for edge1, which is the node I try to launch.
Aurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com<ma...@faurecia.com>
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex – France
[Faurecia_inspiring_mobility_logo-RVB_150]
From: Pierre Villard [mailto:pierre.villard.fr@gmail.com<ma...@gmail.com>]
Sent: vendredi 9 novembre 2018 11:34
To: users@nifi.apache.org<ma...@nifi.apache.org>
Subject: Re: Nifi Cluster & LDAP
Hi Aurélien,
Based on the error, I'm pretty sure it's located in the authorizers.xml file. Do you mind sharing it (after removing anything sensitive)?
No need to add the nodes in the LDAP and it's definitely not related to keystores.
Pierre
Le ven. 9 nov. 2018 à 11:30, DEHAY Aurelien <au...@faurecia.com>> a écrit :
Hello.
I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0 cluster.
I've used the toolkit to create the jks:
bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
I have then 3 directories, with a keystore (with Owner: CN=par01prdedge1.fqdn), a truststore and nifi.properties.
I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
Configured login provider to use the ldap configuration (which is working on other nifi instance)
Configure authorizers.xml to use:
- A ldap group provider
- A file user group provider with initial users identity for the 3 nodes of cluster
- A composite user group provider to use the 2 previous user group providers
- A file access policy with 3 nodes identity and the initial admin identity
I don't have ldap entries for my nodes, and I get the following error when I run the server on edge1.
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
at org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
It seems to find correctly is own identity, but not identity of others nodes.
I wonder how nifi locate node identity, do I have to create an entry for the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks of the 3 nodes?
I wonder if I should use the tls-toolkit in server mode?
I've read blogs post from
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup (but this one does not document how to create the jks)
with no luck, still wonder where is the problem.
Thanks for any pointer.
AurélienAurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com<ma...@faurecia.com>
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex - France
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
RE: Nifi Cluster & LDAP
Posted by DEHAY Aurelien <au...@faurecia.com>.
I got
Caused by: java.lang.Exception: The specified authorizer 'composite-configurable-user-group-provider' could not be found.
at org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:174)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
From: Pierre Villard [mailto:pierre.villard.fr@gmail.com]
Sent: vendredi 9 novembre 2018 11:55
To: users@nifi.apache.org
Subject: Re: Nifi Cluster & LDAP
I believe that in your access policy provider, you need to change
<property name="User Group Provider">ldap-user-group-provider</property>
with
<property name="User Group Provider">composite-configurable-user-group-provider</property>
So that you have both the File and LDAP providers.
Be sure to remove /home/faureciarun/nifi-data/configuration-resources/users.xml on all nodes before restarting because once it's been generated with the initial users/identities, it's not updated on next restarts.
Pierre
Le ven. 9 nov. 2018 à 11:42, DEHAY Aurelien <au...@faurecia.com>> a écrit :
Hello Pierre.
https://gist.github.com/zorel/3655188026b0355c8860030932884fa9
I’ve tried to comment edge2 and 3, but I have now the error for edge1, which is the node I try to launch.
From: Pierre Villard [mailto:pierre.villard.fr@gmail.com<ma...@gmail.com>]
Sent: vendredi 9 novembre 2018 11:34
To: users@nifi.apache.org<ma...@nifi.apache.org>
Subject: Re: Nifi Cluster & LDAP
Hi Aurélien,
Based on the error, I'm pretty sure it's located in the authorizers.xml file. Do you mind sharing it (after removing anything sensitive)?
No need to add the nodes in the LDAP and it's definitely not related to keystores.
Pierre
Le ven. 9 nov. 2018 à 11:30, DEHAY Aurelien <au...@faurecia.com>> a écrit :
Hello.
I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0 cluster.
I've used the toolkit to create the jks:
bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
I have then 3 directories, with a keystore (with Owner: CN=par01prdedge1.fqdn), a truststore and nifi.properties.
I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
Configured login provider to use the ldap configuration (which is working on other nifi instance)
Configure authorizers.xml to use:
- A ldap group provider
- A file user group provider with initial users identity for the 3 nodes of cluster
- A composite user group provider to use the 2 previous user group providers
- A file access policy with 3 nodes identity and the initial admin identity
I don't have ldap entries for my nodes, and I get the following error when I run the server on edge1.
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
at org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
It seems to find correctly is own identity, but not identity of others nodes.
I wonder how nifi locate node identity, do I have to create an entry for the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks of the 3 nodes?
I wonder if I should use the tls-toolkit in server mode?
I've read blogs post from
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup (but this one does not document how to create the jks)
with no luck, still wonder where is the problem.
Thanks for any pointer.
AurélienAurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com<ma...@faurecia.com>
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex - France
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
Re: Nifi Cluster & LDAP
Posted by Pierre Villard <pi...@gmail.com>.
I believe that in your access policy provider, you need to change
<property name="User Group Provider">ldap-user-group-provider</property>
with
<property name="User Group Provider"
>composite-configurable-user-group-provider</property>
So that you have both the File and LDAP providers.
Be sure to remove
/home/faureciarun/nifi-data/configuration-resources/users.xml on all nodes
before restarting because once it's been generated with the initial
users/identities, it's not updated on next restarts.
Pierre
Le ven. 9 nov. 2018 à 11:42, DEHAY Aurelien <au...@faurecia.com> a
écrit :
> Hello Pierre.
>
>
>
> https://gist.github.com/zorel/3655188026b0355c8860030932884fa9
>
>
>
> I’ve tried to comment edge2 and 3, but I have now the error for edge1,
> which is the node I try to launch.
>
>
>
>
>
>
>
>
> *Aurélien DEHAY *Big Data Architect
> +33 616 815 441
>
> aurelien.dehay@faurecia.com
>
> 23/27 avenue des Champs Pierreux
> 92735 Nanterre Cedex – France
>
> [image: Faurecia_inspiring_mobility_logo-RVB_150]
>
>
>
> *From:* Pierre Villard [mailto:pierre.villard.fr@gmail.com]
> *Sent:* vendredi 9 novembre 2018 11:34
> *To:* users@nifi.apache.org
> *Subject:* Re: Nifi Cluster & LDAP
>
>
>
> Hi Aurélien,
>
>
>
> Based on the error, I'm pretty sure it's located in the authorizers.xml
> file. Do you mind sharing it (after removing anything sensitive)?
>
> No need to add the nodes in the LDAP and it's definitely not related to
> keystores.
>
>
>
> Pierre
>
>
>
> Le ven. 9 nov. 2018 à 11:30, DEHAY Aurelien <au...@faurecia.com>
> a écrit :
>
> Hello.
>
> I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0
> cluster.
>
> I've used the toolkit to create the jks:
> bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C
> "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
>
> I have then 3 directories, with a keystore (with Owner:
> CN=par01prdedge1.fqdn), a truststore and nifi.properties.
> I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
>
> Configured login provider to use the ldap configuration (which is working
> on other nifi instance)
> Configure authorizers.xml to use:
> - A ldap group provider
> - A file user group provider with initial users identity for the 3 nodes
> of cluster
> - A composite user group provider to use the 2 previous user group
> providers
> - A file access policy with 3 nodes identity and the initial admin identity
>
> I don't have ldap entries for my nodes, and I get the following error when
> I run the server on edge1.
> Caused by:
> org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable
> to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
> at
> org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
>
> It seems to find correctly is own identity, but not identity of others
> nodes.
>
> I wonder how nifi locate node identity, do I have to create an entry for
> the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks
> of the 3 nodes?
>
> I wonder if I should use the tls-toolkit in server mode?
>
> I've read blogs post from
>
> https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
>
> https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup
> (but this one does not document how to create the jks)
> with no luck, still wonder where is the problem.
>
> Thanks for any pointer.
>
>
> AurélienAurélien DEHAY
> Big Data Architect
> +33 616 815 441
> aurelien.dehay@faurecia.com
>
> 23/27 avenue des Champs Pierreux
> 92735 Nanterre Cedex - France
>
>
>
> This electronic transmission (and any attachments thereto) is intended
> solely for the use of the addressee(s). It may contain confidential or
> legally privileged information. If you are not the intended recipient of
> this message, you must delete it immediately and notify the sender. Any
> unauthorized use or disclosure of this message is strictly prohibited.
> Faurecia does not guarantee the integrity of this transmission and shall
> therefore never be liable if the message is altered or falsified nor for
> any virus, interception or damage to your system.
>
>
> This electronic transmission (and any attachments thereto) is intended
> solely for the use of the addressee(s). It may contain confidential or
> legally privileged information. If you are not the intended recipient of
> this message, you must delete it immediately and notify the sender. Any
> unauthorized use or disclosure of this message is strictly prohibited.
> Faurecia does not guarantee the integrity of this transmission and shall
> therefore never be liable if the message is altered or falsified nor for
> any virus, interception or damage to your system.
>
RE: Nifi Cluster & LDAP
Posted by DEHAY Aurelien <au...@faurecia.com>.
Hello Pierre.
https://gist.github.com/zorel/3655188026b0355c8860030932884fa9
I’ve tried to comment edge2 and 3, but I have now the error for edge1, which is the node I try to launch.
Aurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex – France
[Faurecia_inspiring_mobility_logo-RVB_150]
From: Pierre Villard [mailto:pierre.villard.fr@gmail.com]
Sent: vendredi 9 novembre 2018 11:34
To: users@nifi.apache.org
Subject: Re: Nifi Cluster & LDAP
Hi Aurélien,
Based on the error, I'm pretty sure it's located in the authorizers.xml file. Do you mind sharing it (after removing anything sensitive)?
No need to add the nodes in the LDAP and it's definitely not related to keystores.
Pierre
Le ven. 9 nov. 2018 à 11:30, DEHAY Aurelien <au...@faurecia.com>> a écrit :
Hello.
I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0 cluster.
I've used the toolkit to create the jks:
bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
I have then 3 directories, with a keystore (with Owner: CN=par01prdedge1.fqdn), a truststore and nifi.properties.
I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
Configured login provider to use the ldap configuration (which is working on other nifi instance)
Configure authorizers.xml to use:
- A ldap group provider
- A file user group provider with initial users identity for the 3 nodes of cluster
- A composite user group provider to use the 2 previous user group providers
- A file access policy with 3 nodes identity and the initial admin identity
I don't have ldap entries for my nodes, and I get the following error when I run the server on edge1.
Caused by: org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
at org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
It seems to find correctly is own identity, but not identity of others nodes.
I wonder how nifi locate node identity, do I have to create an entry for the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks of the 3 nodes?
I wonder if I should use the tls-toolkit in server mode?
I've read blogs post from
https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup (but this one does not document how to create the jks)
with no luck, still wonder where is the problem.
Thanks for any pointer.
AurélienAurélien DEHAY
Big Data Architect
+33 616 815 441
aurelien.dehay@faurecia.com<ma...@faurecia.com>
23/27 avenue des Champs Pierreux
92735 Nanterre Cedex - France
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
This electronic transmission (and any attachments thereto) is intended solely for the use of the addressee(s). It may contain confidential or legally privileged information. If you are not the intended recipient of this message, you must delete it immediately and notify the sender. Any unauthorized use or disclosure of this message is strictly prohibited. Faurecia does not guarantee the integrity of this transmission and shall therefore never be liable if the message is altered or falsified nor for any virus, interception or damage to your system.
Re: Nifi Cluster & LDAP
Posted by Pierre Villard <pi...@gmail.com>.
Hi Aurélien,
Based on the error, I'm pretty sure it's located in the authorizers.xml
file. Do you mind sharing it (after removing anything sensitive)?
No need to add the nodes in the LDAP and it's definitely not related to
keystores.
Pierre
Le ven. 9 nov. 2018 à 11:30, DEHAY Aurelien <au...@faurecia.com> a
écrit :
> Hello.
>
> I'm struggling to configure the very first node of my 3 nodes nifi 1.8.0
> cluster.
>
> I've used the toolkit to create the jks:
> bin/tls-toolkit.sh standalone -n 'par01prdedge[1-3].fqdn' -C
> "CN=admin,OU=nifi" -c "par01prdedge1" -d 3650 -o ~/nifi-data/toolkit -O
>
> I have then 3 directories, with a keystore (with Owner:
> CN=par01prdedge1.fqdn), a truststore and nifi.properties.
> I've doublechecked spaces & uppercases in the DN, and it's ok everywhere.
>
> Configured login provider to use the ldap configuration (which is working
> on other nifi instance)
> Configure authorizers.xml to use:
> - A ldap group provider
> - A file user group provider with initial users identity for the 3 nodes
> of cluster
> - A composite user group provider to use the 2 previous user group
> providers
> - A file access policy with 3 nodes identity and the initial admin identity
>
> I don't have ldap entries for my nodes, and I get the following error when
> I run the server on edge1.
> Caused by:
> org.apache.nifi.authorization.exception.AuthorizerCreationException: Unable
> to locate node CN=par01prdedge2.fqdn, OU=NIFI to seed policies.
> at
> org.apache.nifi.authorization.FileAccessPolicyProvider.populateNodes(FileAccessPolicyProvider.java:639)
>
> It seems to find correctly is own identity, but not identity of others
> nodes.
>
> I wonder how nifi locate node identity, do I have to create an entry for
> the nodes in the LDAP? I'd like to avoid it. DO I have to "merge" the jks
> of the 3 nodes?
>
> I wonder if I should use the tls-toolkit in server mode?
>
> I've read blogs post from
>
> https://pierrevillard.com/2016/11/29/apache-nifi-1-1-0-secured-cluster-setup/
>
> https://bryanbende.com/development/2018/10/23/apache-nifi-secure-cluster-setup
> (but this one does not document how to create the jks)
> with no luck, still wonder where is the problem.
>
> Thanks for any pointer.
>
>
> AurélienAurélien DEHAY
> Big Data Architect
> +33 616 815 441
> aurelien.dehay@faurecia.com
>
> 23/27 avenue des Champs Pierreux
> 92735 Nanterre Cedex - France
>
>
>
> This electronic transmission (and any attachments thereto) is intended
> solely for the use of the addressee(s). It may contain confidential or
> legally privileged information. If you are not the intended recipient of
> this message, you must delete it immediately and notify the sender. Any
> unauthorized use or disclosure of this message is strictly prohibited.
> Faurecia does not guarantee the integrity of this transmission and shall
> therefore never be liable if the message is altered or falsified nor for
> any virus, interception or damage to your system.
>
>