Red Hat SummitShare Feedback to help us keep improving.
Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Using Ansible Builder
Ansible Builder is a command line tool that automates the process of building automation execution environments by using metadata defined in various Ansible Collections or created by the user.
You must build an execution environment before you can create it using automation controller. After building it, you must push it to a repository (such as quay) and then, when creating an execution environment in the UI with automation controller, you must point to that repository to use it in Ansible Automation Platform to use it, for example, in a job template.
2.1. Why use Ansible Builder
With Ansible Builder, you can easily create a customizable automation execution environments definition file that specifies the content you want included in your automation execution environments such as Ansible Core, Python, Collections, third-party Python requirements, and system level packages. This enables you to fulfill all of the necessary requirements and dependencies to get jobs running.
2.2. Installing Ansible Builder
Install Ansible Builder to create custom execution environments that contain the dependencies and collections required for your automation content. You need a valid Red Hat subscription and Podman installed on your RHEL system.
Prerequisites
- You have valid subscriptions attached on the host. With a valid subscription you can access the subscription-only resources needed to install ansible-builder, and ensures that the necessary repository for ansible-builder is automatically enabled. See Attaching your Red Hat Ansible Automation Platform subscription for more information.
- You have installed the Podman container runtime.
You have valid subscriptions attached on the host. With a subscription so you can access the subscription-only resources needed to install
ansible-builder, and ensures that the necessary repository foransible-builderis automatically enabled. See Attaching your Red Hat Ansible Automation Platform subscription for more information.NoteTo install the developer tools without consuming a valid Red Hat Ansible Automation Platform managed node subscription you can use MCT4589-Red Hat Ansible Developer, Standard (10 Managed Nodes), which is free. This subscription is for enabling users of Ansible Automation Platform. This subscription requires the approval of Ansible Business Unit.
Procedure
Run the following command to install Ansible Builder and activate your Ansible Automation Platform repo:
NoteIf you are running on RHEL 10, modify the command to reflect RHEL 10.
# dnf install --enablerepo=ansible-automation-platform-2.6-for-rhel-9-x86_64-rpms ansible-builder
2.3. Build an execution environment in a disconnected environment
Creating execution environments for Ansible Automation Platform is a common task which works differently in disconnected environments. When building a custom execution environment, the ansible-builder tool defaults to downloading content from the following locations on the internet:
- Red Hat Automation hub (console.redhat.com) or Ansible Galaxy (galaxy.ansible.com) for any Ansible content collections added to the execution environment image.
- PyPI (pypi.org) for any python packages required as collection dependencies.
- RPM repositories such as the RHEL or UBI repositories (cdn.redhat.com) for adding or updating RPMs to the execution environment image, if needed.
-
registry.redhat.iofor access to the base container images.
Building an execution environment image in a disconnected environment requires mirroring content from these locations. For information about importing collections from Ansible Galaxy or automation hub into a private automation hub, see Importing an automation content collection in automation hub .
Mirrored PyPI content once transferred into the disconnected network can be made available by using a web server or an artifact repository such as Nexus. The RHEL and UBI repository content can be exported from an internet-facing Red Hat Satellite Server, copied into the disconnected environment, then imported into a disconnected Satellite so it is available for building custom execution environments. See ISS Export Sync in an Air-Gapped Scenario for details.
The default base container image, ee-minimal-rhel8, is used to create custom execution environment images and is included with the bundled installer. This image is added to the private automation hub at install time.
If a different base container image such as ee-minimal-rhel9 is required, it must be imported to the disconnected network and added to the private automation hub container registry.
Once all of the prerequisites are available on the disconnected network, the ansible-builder command can be used to create custom execution environment images.
2.4. Building a definition file
You can use Ansible Builder to create an execution environment. Building a new execution environment involves a definition that specifies which content you want to include in your execution environment, such as collections, Python requirements, and system-level packages.
After you install Ansible Builder, you can create a definition file that Ansible Builder uses to create your automation execution environment image. Ansible Builder makes an automation execution environment image by reading and validating your definition file, then creating a Containerfile, and finally passing the Containerfile to Podman, which then packages and creates your automation execution environment image. The definition file that you create must be in YAML format, with a .yaml or .yml extension, and contain different sections. The default definition filename, if not provided, is execution-environment.yml. For more information on the parts of a definition file, see Breakdown of definition file content.
The following is an example of a version 3 definition file. Each definition file must specify the major version number of the Ansible Builder feature set it uses. If not specified, Ansible Builder defaults to version 1, making most new features and definition keywords unavailable.
version: 3
build_arg_defaults:
ANSIBLE_GALAXY_CLI_COLLECTION_OPTS: '--pre'
dependencies:
galaxy: requirements.yml
python:
- six
- psutil
system: bindep.txt
images:
base_image:
name: registry.redhat.io/ansible-automation-platform-26/ee-minimal-rhel9:latest
# Custom package manager path for the RHEL based images
options:
package_manager_path: /usr/bin/microdnf
additional_build_steps:
prepend_base:
- RUN echo This is a prepend base command!
prepend_galaxy:
# Environment variables used for Galaxy client configurations
- ENV ANSIBLE_GALAXY_SERVER_LIST=automation_hub
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL=https://console.redhat.com/api/automation-hub/content/published/
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
# define a custom build arg env passthru - we still also have to pass
# `--build-arg ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN` to get it to pick it up from the env
- ARG ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN
prepend_final: |
RUN whoami
RUN cat /etc/os-release
append_final:
- RUN echo This is a post-install command!
- RUN ls -la /etc-
build_arg_defaults: Lists default values for build arguments. -
dependencies: Specifies the location of various requirements files. -
images: Specifies the base image to be used. Red Hat support is only provided for the redhat.registry.io base image. -
options: Specifies options that can affect builder runtime functionality. -
additional_build_steps: Commands for additional custom build steps.
Additional resources
2.5. Creating the custom execution environment definition
When you have installed Ansible Builder, use the following steps to create your custom execution environment.
Procedure
Create a directory to store your custom execution environment build artifacts. Any new files created with the following steps are created under this directory.
$ mkdir $HOME/custom-ee $HOME/custom-ee/files $ cd $HOME/custom-ee/Create an
execution-environment.ymlfile that defines the requirements for your custom execution environment.NoteVersion 3 of the execution environment definition format is required, so ensure the
execution-environment.ymlfile containsversion: 3explicitly before continuing.- Override the base image to point to the minimal execution environment available in your private automation hub.
Define the additional build files needed to point to any disconnected content sources that will be used in the build process. Your custom
execution-environment.ymlfile should look similar to the following example:version: 3 images: base_image: name: private-hub.example.com/ee-minimal-rhel8:latest dependencies: python: requirements.txt galaxy: requirements.yml additional_build_files: - src: files/ansible.cfg dest: configs - src: files/pip.conf dest: configs - src: files/hub-ca.crt dest: configs # uncomment if custom RPM repositories are required #- src: files/custom.repo # dest: configs additional_build_steps: prepend_base: # copy a custom pip.conf to override the location of the PyPI content - ADD _build/configs/pip.conf /etc/pip.conf # remove the default UBI repository definition - RUN rm -f /etc/yum.repos.d/ubi.repo # copy the hub CA certificate and update the trust store - ADD _build/configs/hub-ca.crt /etc/pki/ca-trust/source/anchors - RUN update-ca-trust # if needed, uncomment to add a custom RPM repository configuration #- ADD _build/configs/custom.repo /etc/yum.repos.d/custom.repo prepend_galaxy: - ADD _build/configs/ansible.cfg ~/.ansible.cfg ...
Create an
ansible.cfgfile under thefiles/subdirectory that points to your private automation hub.$ cat files/ansible.cfg [galaxy] server_list = private_hub [galaxy_server.private_hub] url = /https://private-hub.example.com/api/galaxy/Create a
pip.conffile under thefiles/subdirectory which points to the internal PyPI mirror (a web server or something similar to Nexus):$ cat files/pip.conf [global] index-url = https://<pypi_mirror_fqdn>/ trusted-host = <pypi_mirror_fqdn>Optional: If you use a
bindep.txtfile to add RPMs the custom execution environment, create acustom.repofile under thefiles/subdirectory that points to your disconnected Satellite or other location hosting the RPM repositories. If this step is necessary, uncomment the steps in the exampleexecution-environment.ymlfile that correspond with thecustom.repofile.The following example is for the UBI repositories. Other local repositories can be added to this file as well. The URL path might need to change depending on where the mirror content is located on the web server.
$ cat files/custom.repo [ubi-8-baseos] name = Red Hat Universal Base Image 8 (RPMs) - BaseOS baseurl = http://<ubi_mirror_fqdn>/repos/ubi-8-baseos enabled = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release gpgcheck = 1 [ubi-8-appstream] name = Red Hat Universal Base Image 8 (RPMs) - AppStream baseurl = http://<ubi_mirror_fqdn>/repos/ubi-8-appstream enabled = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release gpgcheck = 1Add the CA certificate used to sign the private automation hub web server certificate. If the private automation hub uses self-signed certificates provided by the installation program
-
Copy the file
/etc/pulp/certs/pulp_webserver.crtfrom your private automation hub and name ithub-ca.crt. -
Add the
hub-ca.crtfile to thefiles/subdirectory.
-
Copy the file
If the private automation hub uses user-provided certificates signed by a certificate authority:
-
Make a copy of that CA certificate and name it
hub-ca.crt. -
Add the
hub-ca.crtfile to thefiles/`subdirectory.
-
Make a copy of that CA certificate and name it
When you have completed the preceding steps, create your python
requirements.txtand ansible collectionrequirements.ymlfiles, with the content needed for your custom execution environment image.NoteAny required collections must already be uploaded into your private automation hub.
The following files should exist under the
custom-ee/directory, withbindep.txtandfiles/custom.repobeing optional:$ cd $HOME/custom-ee $ tree . . ├── bindep.txt ├── execution-environment.yml ├── files │ ├── ansible.cfg │ ├── custom.repo │ ├── hub-ca.crt │ └── pip.conf ├── requirements.txt └── requirements.yml 1 directory, 8 files
2.6. Building the automation execution environment image
When you have created a definition file, you can proceed to build an automation execution environment image.
When building an execution environment image, it must support the architecture that Ansible Automation Platform is deployed with.
Prerequisites
- You have created a definition file.
Procedure
To build an automation execution environment image, run the following from the command line:
$ ansible-builder buildBy default, Ansible Builder looks for a definition file named
execution-environment.ymlbut a different file path can be specified as an argument with the-fflag:For example:
$ ansible-builder build -f definition-file-name.ymlwhere definition-file-name specifies the name of your definition file.
2.7. Breakdown of definition file content
You must provide a definition file to build automation execution environments with Ansible Builder, because it specifies the content that is included in the automation execution environment container image.
The following sections break down the different parts of a definition file.
2.7.1. Build arguments
The build_arg_defaults section of the definition file is a dictionary whose keys can provide default values for arguments to Ansible Builder.
The following table lists values that can be used in build_arg_defaults:
| Value | Description |
|---|---|
|
| Passes arbitrary arguments to the ansible-galaxy CLI during the collection installation phase.
For example, the |
|
|
Passes any flags, such as |
It is generally easier (especially in a pipeline context) to customize the base image into a custom base image using Podman first, and then call ansible-builder on this custom image.
The values given inside build_arg_defaults will be hard-coded into the Containerfile, so these values will persist if podman build is called manually.
If you specify the same variable in the CLI --build-arg flag, the CLI value takes higher precedence.
2.7.2. Definition dependencies
You can include dependencies that must be installed into the final image in the dependencies section of your definition file.
To avoid issues with your automation execution environment image, make sure that the entries for Galaxy, Python, and system point to a valid requirements file, or are valid content for their file types.
2.7.2.1. Galaxy
The galaxy entry points to a valid requirements file or includes inline content for the ansible-galaxy collection install -r … command.
The entry requirements.yml can be a relative path from the directory of the automation execution environment definition’s folder, or an absolute path.
The content might look like the following:
collections:
- community.aws
- kubernetes.core2.7.2.2. Python
The python entry in the definition file points to a valid requirements file or to an inline list of Python requirements in PEP508 format for the pip install -r … command.
The entry requirements.txt is a file that installs extra Python requirements on top of what the Collections already list as their Python dependencies. It might be listed as a relative path from the directory of the automation execution environment definition’s folder, or an absolute path. The contents of a requirements.txt file should be formatted as the following example, similar to the standard output from a pip freeze command.
The content might look like the following:
boto>=2.49.0
botocore>=1.12.249
pytz
python-dateutil>=2.7.0
awxkit
packaging
requests>=2.4.2
xmltodict
azure-cli-core==2.11.1
openshift>=0.6.2
requests-oauthlib
openstacksdk>=0.13
ovirt-engine-sdk-python>=4.4.102.7.2.3. System
The system entry in the definition points to a bindep requirements file or to an inline list of bindep entries, which install system-level dependencies that are outside of what the collections already include as their dependencies.
The system entry can be listed as a relative path from the directory of the automation execution environment definition’s folder, or as an absolute path. At a minimum, the collections must specify necessary requirements for [platform:rpm].
To demonstrate this, the following is an example bindep.txt file that adds the libxml2 and subversion packages to a container.
The content might look like the following:
libxml2-devel [platform:rpm]
subversion [platform:rpm]
Entries from multiple collections are combined into a single file. This is processed by bindep and then passed to dnf. Only requirements with no profiles or no runtime requirements will be installed to the image.
2.7.2.4. Images
The images section of the definition file identifies the base image. Verification of signed container images is supported with the podman container runtime.
The following table shows a list of values that you can use in images:
| Value | Description |
|---|---|
|
| Specifies the parent image for the automation execution environment which enables a new image to be built that is based on an existing image. This is typically a supported execution environment base image such as ee-minimal or ee-supported, but it can also be an execution environment image that you have created and want to customize further.
A
The default image is |
2.8. Additional build files
You can add any external file to the build context directory by referring or copying them to the additional_build_files section of the definition file. The format is a list of dictionary values, each with a src and dest key and value.
Each list item must be a dictionary containing the following required keys:
src-
Specifies the source files to copy into the build context directory. This can be an absolute path (for example,
/home/user/.ansible.cfg), or a path that is relative to the execution environment file. Relative paths can be glob expressions matching one or more files (for example,files/*.cfg).
Absolute paths cannot include a regular expression. If src is a directory, the entire contents of that directory are copied to dest.
dest-
Specifies a subdirectory path underneath the
_buildsubdirectory of the build context directory that contains the source files (for example,files/configs). This cannot be an absolute path or contain..within the path. Ansible Builder creates this directory for you if it does not already exist.
2.9. Additional custom build steps
You can specify custom build commands for any build phase in the additional_build_steps section of the definition file. This allows fine-grained control over the build phases.
Use the prepend_ and append_ commands to add directives to the Containerfile that run either before or after the main build steps are executed. The commands must conform to any rules required for the runtime system.
See the following table for a list of values that can be used in additional_build_steps:
| Value | Description |
|---|---|
|
| You can insert commands before building the base image. |
|
| You can insert commands after building the base image. |
|
| You can insert commands before building the galaxy image. |
|
| You can insert commands after building the galaxy image. |
|
| You can insert commands before building the Python builder image. |
|
| You can insert commands after building the Python builder image. |
|
| You can insert commands before building the final image. |
|
| You can insert commands after building the final image. |
The syntax for additional_build_steps supports both multi-line strings and lists. See the following examples:
Example 2.1. A multi-line string entry
prepend_final: |
RUN whoami
RUN cat /etc/os-releaseExample 2.2. A list entry
append_final:
- RUN echo This is a post-install command!
- RUN ls -la /etcExample 2.3. Copying arbitrary files to execution environments
additional_build_files:
# copy arbitrary files next to this EE def into the build context - we can refer to them later...
- src: files/rootCA.crt
dest: configs
additional_build_steps:
prepend_base:
# copy a custom CA cert into the base image and recompute the trust database
# because this is in "base", all stages will inherit (including the final EE)
- COPY _build/configs/rootCA.crt /usr/share/pki/ca-trust-source/anchors
- RUN update-ca-trust
The additional_build_files section enable you to add rootCA.crt to the build context directory. When this file is copied to the build context directory, it can be used in the build process. To use the file, copy it from the build context directory by using the COPY directive specified in the prepend_base step of the additional_build_steps section. You can perform any action based upon the copied file, such as in this example updating dynamic configuration of CA certificates by running RUN update-ca-trust.
2.9.1. Build execution environments with environment variables
The following example file specifies environment variables that might be required for the build process.
To achieve this functionality it uses the ENV variable definition in the prepend_base step of the additional_build_steps section.
-
additional_build_steps:
prepend_base:
- ENV FOO=bar
- RUN echo $FOO > /tmp/file1.txtThe same environment variables can be used in the later stage of the build process.
2.9.2. Building execution environments with environment variables for Galaxy configuration
Ansible Builder schema 3 enables you to perform complex scenarios such as specifying custom Galaxy configurations.
You can use this approach to pass sensitive information, such as authentication tokens, into the execution environment build without leaking them into the final execution environment image.
The following example uses Ansible Galaxy Server environment variables.
additional_build_steps:
prepend_galaxy:
# Environment variables used for Galaxy client configurations
- ENV ANSIBLE_GALAXY_SERVER_LIST=automation_hub
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL=https://console.redhat.com/api/automation-hub/content/published/
- ENV ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
# define a custom build arg env passthru - we still also have to pass
# `--build-arg ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN` to get it to pick it up from the env
- ARG ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN
options:
package_manager_path: /usr/bin/microdnf # downstream images use non-standard package manager
You can provide environment variables such as ANSIBLE_GALAXY_SERVER_LIST, ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_URL and ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_AUTH_URL using the ENV directive.
For security reasons, you must not store sensitive information in ANSIBLE_GALAXY_SERVER_AUTOMATION_HUB_TOKEN. You can use the ARG directive to receive sensitive information from the user as input.
-–build-args can be used to provide this information while invoking the ansible-builder command.
2.10. Updating execution environment image locations
Update your execution environment image locations to use images hosted on your private automation hub. You can use execution environments from your private registry instead of the default registry.
Procedure
- Log in to Ansible Automation Platform.
Create a container registry credential for your private automation hub:
-
From the navigation panel, select
. - Click .
Enter your credential information:
-
Name: Enter a name, such as
Private Hub Registry. - Credential Type: Select Container Registry.
-
Authentication URL: Enter the URL of your private automation hub, such as
https://automationhub.example.org. - Username: Enter your private automation hub username.
- Password or Token: Enter your private automation hub password or authentication token.
- Verify SSL: Clear this checkbox if your private automation hub uses self-signed certificates.
-
Name: Enter a name, such as
- Click .
-
From the navigation panel, select
Update the default execution environments to use images from your private automation hub:
-
From the navigation panel, select
. -
Locate the Default execution environment and click
to edit it.
-
In the Image field, update the image path to point to your private automation hub, such as
automationhub.example.org/ee-supported-rhel9:latest. - In the Registry Credential field, select the container registry credential that you created.
- Click .
-
Locate the Minimal execution environment and click
to edit it.
-
In the Image field, update the image path to point to your private automation hub, such as
automationhub.example.org/ee-minimal-rhel9:latest. - In the Registry Credential field, select the container registry credential that you created.
- Click .
- Repeat these steps for any other execution environments that you want to update to use images from your private automation hub.
-
From the navigation panel, select
Verification
-
From the navigation panel, select
. - Verify that your private automation hub execution environments appear in the list.
- Optional: Create a test job template that uses one of the new execution environments and run it to confirm that automation controller can successfully pull and use the image from your private automation hub.
Additional resources
2.11. Optional build command arguments
The -t flag will tag your automation execution environment image with a specific name. For example, the following command builds an image named my_first_ee_image:
$ ansible-builder build -t my_first_ee_image
If you do not use -t with build, an image called ansible-execution-env is created and loaded into the local container registry.
If you have multiple definition files, you can specify which one to use by including the -f flag:
$ ansible-builder build -f another-definition-file.yml -t another_ee_image
In this example, Ansible Builder uses the specifications provided in the file named another-definition-file.yml instead of the default execution-environment.yml to build an automation execution environment image named another_ee_image.
For other specifications and flags that you can use with the build command, enter ansible-builder build --help to see a list of additional options.
2.12. Containerfile
After you have created your definition file, Ansible Builder reads and validates it, creates a Containerfile and container build context, and optionally passes these to Podman to build your automation execution environment image.
The container build occurs in several distinct stages: base , galaxy, builder, and final. The image build steps (along with any corresponding custom prepend_ and append_ steps defined in additional_build_steps) are:
-
During the
basebuild stage, the specified base image is (optionally) customized with components required by other build stages, including Python,pip,ansible-core, andansible-runner. The resulting image is then validated to ensure that the required components are available (as they can have already been present in the base image). Ephemeral copies of the resulting customizedbaseimage are used as the base for all other build stages. -
During the
galaxybuild stage, collections specified by the definition file are downloaded and stored for later installation during thefinalbuild stage. Python and system dependencies declared by the collections, if any, are also collected for later analysis. -
During the
builderbuild stage, Python dependencies declared by collections are merged with those listed in the definition file. This final set of Python dependencies is downloaded and built as Python wheels and stored for later installation during thefinalbuild stage. -
During the
finalbuild stage, the previously-downloaded collections are installed, along with system packages and any previously-built Python packages that were declared as dependencies by the collections or listed in the definition file.
2.13. Creating a Containerfile without building an image
If you are required to use shared container images built in sandboxed environments for security reasons, you can create a shareable Containerfile.
$ ansible-builder create2.14. Example YAML file to build an image
The 'ansible-builder' build command takes an execution environment definition as an input. It outputs the build context necessary for building an execution environment image, and then builds that image.
The image can be re-built with the build context elsewhere, and produces the same result. By default, the builder searches for a file named execution-environment.yml in the current directory.
The following example execution-environment.yml file can be used as a starting point:
version: 3
dependencies:
galaxy: requirements.yml
The content of requirements.yml:
---
collections:
- name: awx.awx
To build an execution environment using the preceding files and run the following command:
ansible-builder build
...
STEP 7: COMMIT my-awx-ee
--> 09c930f5f6a
09c930f5f6ac329b7ddb321b144a029dbbfcc83bdfc77103968b7f6cdfc7bea2
Complete! The build context can be found at: contextIn addition to producing a ready-to-use container image, the build context is preserved. This can be rebuilt at a different time or location with the tools of your choice, such as docker build or Podman build.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}