From d2e9df79bd37e3d38e3b7931c0c9f016ca50958b Mon Sep 17 00:00:00 2001
From: Ally Smith
Date: Wed, 3 Apr 2019 14:17:50 -0500
Subject: [PATCH 01/15] make jenkinsfile serve private and public docs

After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions.
---
 Jenkinsfile | 114 ++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 97 insertions(+), 17 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index a678cad13d..3b54bd3e61 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,6 +1,3 @@
-def dtrVpnAddress = "vpn.corp-us-east-1.aws.dckr.io"
-def ucpBundle = [file(credentialsId: "ucp-bundle", variable: 'UCP')]
-def slackString = [string(credentialsId: 'slack-docs-webhook', variable: 'slack')]
 def reg = [credentialsId: 'csebuildbot', url: 'https://index.docker.io/v1/']
 pipeline {
@@ -9,15 +6,102 @@ pipeline { timeout(time: 1, unit: 'HOURS') } stages { + stage( 'docker.github.io' ) { + agent { + label 'ubuntu-1604-aufs-stable' + } + environment { + DTR_VPN_ADDRESS = credentials('dtr-vpn-address') + DOCKER_HOST_STRING = credentials('docker-host') + UCP_BUNDLE = credentials('ucp-bundle') + SLACK = credentials('slack-docs-webhook') + } + when { + expression { env.GIT_URL == 'https://github.com/Docker/docker.github.io.git' } + } + stages { + stage( 'build and push stage image' ) { + when { + branch 'master' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docker.github.io:stage-${env.BUILD_NUMBER} . && \ + docker image push docs/docker.github.io:stage-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'build and push prod image' ) { + when { + branch 'published' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docker.github.io:prod-${env.BUILD_NUMBER} . && \ + docker image push docs/docker.github.io:prod-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'update docs stage' ) { + when { + branch 'master' + } + steps { + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" + withDockerRegistry(reg) { + sh """ + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image docs/docker.github.io:stage-${env.BUILD_NUMBER} docs-stage-docker-com_docs --with-registry-auth + """ + } + } + } + } + stage( 'update docs prod' ) { + when { + branch 'published' + } + steps { + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" + withDockerRegistry(reg) { + sh """ + cd ucp-bundle-success_bot + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image 
docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth
+ curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $SLACK
+ """
+ }
+ }
+ }
+ }
+ }
+ }
 stage( 'docs-private' ) {
 agent {
 label 'ubuntu-1604-aufs-stable'
 }
- when {
- expression { env.GIT_URL == 'https://github.com/docker/docs-private.git' }
+ environment {
+ DTR_VPN_ADDRESS = credentials('dtr-vpn-address')
+ DOCKER_HOST_STRING = credentials('docker-host')
+ UCP_BUNDLE = credentials('ucp-bundle')
 }
+ when {
+ expression { env.GIT_URL == "https://github.com/docker/docs-private.git" }
+ }
 stages {
- stage( 'build and push new beta-stage image' ) {
+ stage( 'build and push new beta stage image' ) {
 when {
 branch 'amberjack'
 }
@@ -43,21 +127,19 @@ pipeline {
 }
 }
 }
- stage( 'update beta-stage service' ) {
+ stage( 'update beta stage service' ) {
 when {
 branch 'amberjack'
 }
 steps {
- withVpn(dtrVpnAddress) {
- withCredentials(ucpBundle) {
- sh 'unzip -o $UCP'
- }
+ withVpn("$DTR_VPN_ADDRESS") {
+ sh "unzip -o $UCP_BUNDLE"
 withDockerRegistry(reg) {
 sh """
 export DOCKER_TLS_VERIFY=1
 export COMPOSE_TLS_VERSION=TLSv1_2
 export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot
- export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443
+ export DOCKER_HOST=$DOCKER_HOST_STRING
 docker service update --detach=false --force --image docs/docs-private:beta-stage-${env.BUILD_NUMBER} docs-beta-stage-docker-com_docs --with-registry-auth
 """
 }
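Review bot: The credential-backed values `$SLACK`, `$DOCKER_HOST_STRING`, `$UCP_BUNDLE` and `$DTR_VPN_ADDRESS` are expanded by Groovy rather than by the shell, because the new 'update docs stage' and 'update docs prod' steps put them in double-quoted strings (`sh "unzip -o $UCP_BUNDLE"` and the `sh """ … """` blocks). The resolved webhook URL and host string therefore end up in the script text Jenkins generates and in the `curl` argument list, and any shell metacharacter in a credential value would be parsed as shell syntax. Switching these steps to single-quoted strings lets the shell read the variables from the environment, as sketched below for the prod stage; the docs-private update stages in the two following hunks use the same pattern. Separately, the `when` expression here compares `env.GIT_URL` with `https://github.com/Docker/docker.github.io.git` (capital D) while the docs-private check is lowercase; the comparison is case-sensitive, so confirm it matches the URL the job is actually configured with. The enclosing `pipeline` block starts and ends outside the hunk.

```groovy
// 'update docs prod' steps, inside the unchanged withVpn(...) wrapper
sh 'unzip -o "$UCP_BUNDLE"'
withDockerRegistry(reg) {
    sh '''
        # … unchanged: cd ucp-bundle-success_bot and the TLS exports …
        export DOCKER_CERT_PATH="$WORKSPACE/ucp-bundle-success_bot"
        export DOCKER_HOST="$DOCKER_HOST_STRING"
        docker service update --detach=false --force --image "docs/docker.github.io:prod-$BUILD_NUMBER" docs-docker-com_docs --with-registry-auth
        curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' "$SLACK"
    '''
```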
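Review bot: Removing the `withCredentials(ucpBundle) { … }` wrapper means the client bundle is no longer bound only around the `unzip` that needs it; combined with the stage-level `environment` block added in the previous hunk, `UCP_BUNDLE`, `DOCKER_HOST_STRING` and `DTR_VPN_ADDRESS` are now present in the environment of every nested stage of 'docs-private', including the 'build and push …' stages. Those stages presumably build images from repository content and need only the registry login, so consider moving the `environment { … }` block down into the two 'update …' stages, or keeping a `withCredentials` wrapper there. The extracted `ucp-bundle-success_bot` directory is also left in `${WORKSPACE}`; no cleanup is visible in this hunk, so check that a `post` step or workspace wipe removes it. The same applies to the next hunk and to the 'docker.github.io' stages, and the `steps` block here closes outside the hunk.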
@@ -69,16 +151,14 @@ pipeline {
 branch 'published'
 }
 steps {
- withVpn(dtrVpnAddress) {
- withCredentials(ucpBundle) {
- sh 'unzip -o $UCP'
- }
+ withVpn("$DTR_VPN_ADDRESS") {
+ sh "unzip -o $UCP_BUNDLE"
 withDockerRegistry(reg) {
 sh """
 export DOCKER_TLS_VERIFY=1
 export COMPOSE_TLS_VERSION=TLSv1_2
 export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot
- export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443
+ export DOCKER_HOST=$DOCKER_HOST_STRING
 docker service update --detach=false --force --image docs/docs-private:beta-${env.BUILD_NUMBER} docs-beta-docker-com_docs --with-registry-auth
 """
 }
From 88f14ae4cc3884533e08ed433a460299f77a2624 Mon Sep 17 00:00:00 2001
From: Maria Bermudez Date: Mon, 22 Apr 2019 18:20:04 -0600 Subject: [PATCH 02/15] Sync published with master (#8693) * Adding Azure note (#8566) * Adding Azure note * Rephrase additional line and update link * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Fix grammar on the 2nd pre-req, and did markdown formatting on the rest :) * Correct Pod-CIDR Warning * Content cleanup Please check that I haven't changed the meaning of the updated prerequisites. * Create a new section on configuring the IP Count value, also responded to feedback from Follis, Steve R and Xinfeng. * Incorporated Steven F's feedback and Issue 8551 * Provide a warning when setting a small IP Count variable * Final edits * Update install-on-azure.md * Following feedback I have expanded on the 0644 azure.json file permissions and Added the --existing-config file to the UCP install command * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. 
Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. * Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Published (#8674) * add slack webhook to Jenkinsfile * make jenkinsfile serve private and public docs After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions. 
* Sync published with master (#8619) * Update install.md add note: 8 character password minimum length * Include Ubuntu version in Dockerfile more recent versions of Ubuntu don't work with the given Dockerfile * Updated the 3.1.4 release notes to include Centos 7.6 support * Remove redundant "be" * Update the "role-based access control" link On page "https://docs.docker.com/ee/ucp/user-access/", update the hyperlink "role-based access control" to point to "https://docs.docker.com/ee/ucp/authorization/" instead of "https://docs.docker.com/ee/access-control". * Add UCP user password limitation * Revert "Updated the UCP 3.1.4 release notes to include Centos 7.6 support" * Adding emphasis on Static IP requirement (#7276) * Adding emphasis on Static IP requirement We had a customer (00056641) who changed IPs like this all at once, and they are in a messy status. We should make it clear that static IP is absolutely required. ```***-ucp-0-dw original="10.15.89.6" updated="10.15.89.7" ***-ucp-1-dw original="10.15.89.5" updated="10.15.89.6" ***-ucp-2-dw original="10.15.89.7" updated="10.15.89.5" ``` * Link to prod requirement of static IP addresses * Adding warning about layer7 config (#8617) * Adding warning about layer7 config Adding warning about layer7 config not being included in the backup * Text edit * Sync published with master (#8673) * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Fix grammar on the 2nd pre-req, and did markdown formatting on the rest :) * Correct Pod-CIDR Warning * Content cleanup Please check that I haven't changed the meaning of the updated prerequisites. * Create a new section on configuring the IP Count value, also responded to feedback from Follis, Steve R and Xinfeng. 
* Incorporated Steven F's feedback and Issue 8551 * Provide a warning when setting a small IP Count variable * Final edits * Update install-on-azure.md * Following feedback I have expanded on the 0644 azure.json file permissions and Added the --existing-config file to the UCP install command * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. 
* Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Trying to fix command rendering of '--format "{{ .Names }}"' (#8678) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. * Fixed heading inconsistency * Trying to fix command rendering of '--format "{{ .Names }}"' (#8677) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. 
* Update concatenated to chained * Minor fix * interlock --> ucp-interlock (#8675) * interlock --> ucp-interlock * Fixed code samples - Use the latest UCP version and the latest ucp-interlock image - Leverage ucp page version Jekyll variable * Typo * Final syntax fix * Update backup.md * Removed Reference to Interlock Preview Image, and added relevant UCP Image Org and Tag * Fix syntax error which caused the master build to fail --- .../user/interlock/deploy/configuration-reference.md | 4 ++-- .../guides/user/interlock/usage/service-clusters.md | 10 +++++----- ee/dtr/admin/disaster-recovery/create-a-backup.md | 1 + ee/ucp/interlock/config/host-mode-networking.md | 6 +++--- ee/ucp/interlock/config/index.md | 4 ++-- ee/ucp/interlock/config/updates.md | 2 +- ee/ucp/interlock/deploy/index.md | 10 +++++----- ee/ucp/interlock/deploy/offline-install.md | 11 ++++++----- ee/ucp/interlock/usage/service-clusters.md | 2 +- 9 files changed, 26 insertions(+), 24 deletions(-) diff --git a/datacenter/ucp/3.0/guides/user/interlock/deploy/configuration-reference.md b/datacenter/ucp/3.0/guides/user/interlock/deploy/configuration-reference.md index daf93c97c3..ffdcfbf82b 100644 --- a/datacenter/ucp/3.0/guides/user/interlock/deploy/configuration-reference.md +++ b/datacenter/ucp/3.0/guides/user/interlock/deploy/configuration-reference.md @@ -22,11 +22,11 @@ PollInterval = "3s" [Extensions] [Extensions.default] - Image = "docker/ucp-interlock-extension:3.0.1" + Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" ServiceName = "ucp-interlock-extension" Args = [] Constraints = ["node.labels.com.docker.ucp.orchestrator.swarm==true", "node.platform.os==linux"] - ProxyImage = "docker/ucp-interlock-proxy:3.0.1" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyServiceName = "ucp-interlock-proxy" ProxyConfigPath = "/etc/nginx/nginx.conf" ProxyReplicas = 2 
diff --git a/datacenter/ucp/3.0/guides/user/interlock/usage/service-clusters.md b/datacenter/ucp/3.0/guides/user/interlock/usage/service-clusters.md index b5baf30a55..c2d1f2ce9d 100644 --- a/datacenter/ucp/3.0/guides/user/interlock/usage/service-clusters.md +++ b/datacenter/ucp/3.0/guides/user/interlock/usage/service-clusters.md @@ -49,10 +49,10 @@ PollInterval = "3s" [Extensions] [Extensions.us-east] - Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview" + Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = ["-D"] ServiceName = "interlock-ext-us-east" - ProxyImage = "nginx:alpine" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyServiceName = "interlock-proxy-us-east" ProxyConfigPath = "/etc/nginx/nginx.conf" @@ -74,10 +74,10 @@ PollInterval = "3s" proxy_region = "us-east" [Extensions.us-west] - Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview" + Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = ["-D"] ServiceName = "interlock-ext-us-west" - ProxyImage = "nginx:alpine" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyServiceName = "interlock-proxy-us-west" ProxyConfigPath = "/etc/nginx/nginx.conf" @@ -119,7 +119,7 @@ $> docker service create \ --network interlock \ --constraint node.role==manager \ --config src=service.interlock.conf,target=/config.toml \ - interlockpreview/interlock:2.0.0-preview -D run -c /config.toml + { page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} -D run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` diff --git a/ee/dtr/admin/disaster-recovery/create-a-backup.md b/ee/dtr/admin/disaster-recovery/create-a-backup.md index 38b0902e7b..ed26b99be3 100644 --- a/ee/dtr/admin/disaster-recovery/create-a-backup.md +++ b/ee/dtr/admin/disaster-recovery/create-a-backup.md 
@@ -132,6 +132,7 @@ recommended for that system. To create a DTR backup, load your UCP client bundle, and run the following chained commands: +{% raw %} ```none DTR_VERSION=$(docker container inspect $(docker container ps -f name=dtr-registry -q) | \ grep -m1 -Po '(?<=DTR_VERSION=)\d.\d.\d'); \ diff --git a/ee/ucp/interlock/config/host-mode-networking.md b/ee/ucp/interlock/config/host-mode-networking.md index 152fb7b97a..2307f095a4 100644 --- a/ee/ucp/interlock/config/host-mode-networking.md +++ b/ee/ucp/interlock/config/host-mode-networking.md @@ -143,10 +143,10 @@ PollInterval = "3s" [Extensions] [Extensions.default] - Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview" + Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = [] ServiceName = "interlock-ext" - ProxyImage = "nginx:alpine" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyServiceName = "interlock-proxy" ProxyConfigPath = "/etc/nginx/nginx.conf" @@ -177,7 +177,7 @@ $> docker service create \ --constraint node.role==manager \ --publish mode=host,target=8080 \ --config src=service.interlock.conf,target=/config.toml \ - interlockpreview/interlock:2.0.0-preview -D run -c /config.toml + { page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} -D run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` diff --git a/ee/ucp/interlock/config/index.md b/ee/ucp/interlock/config/index.md index e38ba7bc4b..f531e28952 100644 --- a/ee/ucp/interlock/config/index.md +++ b/ee/ucp/interlock/config/index.md 
@@ -173,10 +173,10 @@ DockerURL = "unix:///var/run/docker.sock" PollInterval = "3s" [Extensions.default] - Image = "docker/interlock-extension-nginx:latest" + Image = "{{ page.ucp_org }}/interlock-extension-nginx:{{ page.ucp_version }}" Args = ["-D"] ServiceName = "interlock-ext" - ProxyImage = "nginx:alpine" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyServiceName = "interlock-proxy" ProxyConfigPath = "/etc/nginx/nginx.conf" diff --git a/ee/ucp/interlock/config/updates.md b/ee/ucp/interlock/config/updates.md index 44cc163f0f..cca9967d0b 100644 --- a/ee/ucp/interlock/config/updates.md +++ b/ee/ucp/interlock/config/updates.md @@ -84,6 +84,6 @@ performs a rolling deploy to update all extensions. ```bash $> docker service update \ - --image docker/ucp-interlock:{{ page.ucp_version }} \ + --image { page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} \ ucp-interlock ``` diff --git a/ee/ucp/interlock/deploy/index.md b/ee/ucp/interlock/deploy/index.md index f282b28c64..0843ad7719 100644 --- a/ee/ucp/interlock/deploy/index.md +++ b/ee/ucp/interlock/deploy/index.md @@ -134,9 +134,9 @@ PollInterval = "3s" [Extensions] [Extensions.default] - Image = "interlockpreview/interlock-extension-nginx:2.0.0-preview" + Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = ["-D"] - ProxyImage = "nginx:alpine" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyConfigPath = "/etc/nginx/nginx.conf" ProxyReplicas = 1 @@ -178,7 +178,7 @@ $> docker service create \ --network interlock \ --constraint node.role==manager \ --config src=service.interlock.conf,target=/config.toml \ - interlockpreview/interlock:2.0.0-preview -D run -c /config.toml + {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} -D run -c /config.toml sjpgq7h621exno6svdnsvpv9z ``` 
@@ -189,8 +189,8 @@ one for the extension service, and one for the proxy service: $> docker service ls ID NAME MODE REPLICAS IMAGE PORTS lheajcskcbby modest_raman replicated 1/1 nginx:alpine *:80->80/tcp *:443->443/tcp -oxjvqc6gxf91 keen_clarke replicated 1/1 interlockpreview/interlock-extension-nginx:2.0.0-preview -sjpgq7h621ex interlock replicated 1/1 interlockpreview/interlock:2.0.0-preview +oxjvqc6gxf91 keen_clarke replicated 1/1 {{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }} +sjpgq7h621ex interlock replicated 1/1 {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} ``` The Interlock traffic layer is now deployed. diff --git a/ee/ucp/interlock/deploy/offline-install.md b/ee/ucp/interlock/deploy/offline-install.md index 4b27f8c4c5..c9b9d49b5e 100644 --- a/ee/ucp/interlock/deploy/offline-install.md +++ b/ee/ucp/interlock/deploy/offline-install.md @@ -10,13 +10,14 @@ engine and then loading them to the Docker Swarm cluster. First, using an existing Docker engine, save the images: ```bash -$> docker save docker/interlock:latest > interlock.tar -$> docker save docker/interlock-extension-nginx:latest > interlock-extension-nginx.tar -$> docker save nginx:alpine > nginx.tar +$> docker save {{ page.ucp_org }}/ucp-interlock:{{ page.ucp_version }} > interlock.tar +$> docker save {{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }} > interlock-extension-nginx.tar +$> docker save {{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }} > nginx.tar ``` -Note: replace `docker/interlock-extension-nginx:latest` and `nginx:alpine` with the corresponding -extension and proxy image if you are not using Nginx. +Note: replace `{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version +}}` and `{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}` with the +corresponding extension and proxy image if you are not using Nginx. You should have the following two files: 
diff --git a/ee/ucp/interlock/usage/service-clusters.md b/ee/ucp/interlock/usage/service-clusters.md index 181ad9bcfb..3f0432f3f9 100644 --- a/ee/ucp/interlock/usage/service-clusters.md +++ b/ee/ucp/interlock/usage/service-clusters.md @@ -161,7 +161,7 @@ PollInterval = "3s" Image = "{{ page.ucp_org }}/ucp-interlock-extension:{{ page.ucp_version }}" Args = [] ServiceName = "ucp-interlock-extension-us-west" - ProxyImage = "docker/ucp-interlock-proxy:3.1.2" + ProxyImage = "{{ page.ucp_org }}/ucp-interlock-proxy:{{ page.ucp_version }}" ProxyArgs = [] ProxyServiceName = "ucp-interlock-proxy-us-west" ProxyConfigPath = "/etc/nginx/nginx.conf" From 145eab42c11c7aff17369ff14c478cb8ec85c723 Mon Sep 17 00:00:00 2001 
From: Maria Bermudez Date: Mon, 22 Apr 2019 18:53:09 -0600 Subject: [PATCH 03/15] Sync published with master (#8695) * Sync published with master (#8693) (#8694) * Adding Azure note (#8566) * Adding Azure note * Rephrase additional line and update link * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Fix grammar on the 2nd pre-req, and did markdown formatting on the rest :) * Correct Pod-CIDR Warning * Content cleanup Please check that I haven't changed the meaning of the updated prerequisites. * Create a new section on configuring the IP Count value, also responded to feedback from Follis, Steve R and Xinfeng. * Incorporated Steven F's feedback and Issue 8551 * Provide a warning when setting a small IP Count variable * Final edits * Update install-on-azure.md * Following feedback I have expanded on the 0644 azure.json file permissions and Added the --existing-config file to the UCP install command * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. 
Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. * Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Published (#8674) * add slack webhook to Jenkinsfile * make jenkinsfile serve private and public docs After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions. 
* Sync published with master (#8619) * Update install.md add note: 8 character password minimum length * Include Ubuntu version in Dockerfile more recent versions of Ubuntu don't work with the given Dockerfile * Updated the 3.1.4 release notes to include Centos 7.6 support * Remove redundant "be" * Update the "role-based access control" link On page "https://docs.docker.com/ee/ucp/user-access/", update the hyperlink "role-based access control" to point to "https://docs.docker.com/ee/ucp/authorization/" instead of "https://docs.docker.com/ee/access-control". * Add UCP user password limitation * Revert "Updated the UCP 3.1.4 release notes to include Centos 7.6 support" * Adding emphasis on Static IP requirement (#7276) * Adding emphasis on Static IP requirement We had a customer (00056641) who changed IPs like this all at once, and they are in a messy status. We should make it clear that static IP is absolutely required. ```***-ucp-0-dw original="10.15.89.6" updated="10.15.89.7" ***-ucp-1-dw original="10.15.89.5" updated="10.15.89.6" ***-ucp-2-dw original="10.15.89.7" updated="10.15.89.5" ``` * Link to prod requirement of static IP addresses * Adding warning about layer7 config (#8617) * Adding warning about layer7 config Adding warning about layer7 config not being included in the backup * Text edit * Sync published with master (#8673) * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Fix grammar on the 2nd pre-req, and did markdown formatting on the rest :) * Correct Pod-CIDR Warning * Content cleanup Please check that I haven't changed the meaning of the updated prerequisites. * Create a new section on configuring the IP Count value, also responded to feedback from Follis, Steve R and Xinfeng. 
* Incorporated Steven F's feedback and Issue 8551 * Provide a warning when setting a small IP Count variable * Final edits * Update install-on-azure.md * Following feedback I have expanded on the 0644 azure.json file permissions and Added the --existing-config file to the UCP install command * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. 
* Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Trying to fix command rendering of '--format "{{ .Names }}"' (#8678) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. * Fixed heading inconsistency * Trying to fix command rendering of '--format "{{ .Names }}"' (#8677) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. * Update concatenated to chained * Minor fix * interlock --> ucp-interlock (#8675) * interlock --> ucp-interlock * Fixed code samples - Use the latest UCP version and the latest ucp-interlock image - Leverage ucp page version Jekyll variable * Typo * Final syntax fix * Update backup.md * Removed Reference to Interlock Preview Image, and added relevant UCP Image Org and Tag * Fix syntax error which caused the master build to fail * docs: fix typo in removal of named volumes (#8686) --- storage/volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/volumes.md b/storage/volumes.md index b3472f7680..1c5b42c570 100644 --- a/storage/volumes.md +++ b/storage/volumes.md 
@@ -512,7 +512,7 @@ testing using your preferred tools. A Docker data volume persists after a container is deleted. There are two types of volumes to consider:
-- **Named volumes** have a specific source form outside the container, for example `awesome:/bar`.
+- **Named volumes** have a specific source from outside the container, for example `awesome:/bar`.
 - **Anonymous volumes** have no specific source so when the container is deleted, instruct the Docker Engine daemon to remove them. ### Remove anonymous volumes
From 04601b4e137e60b4628fddd0d164394356298baf Mon Sep 17 00:00:00 2001
From: Maria Bermudez Date: Tue, 23 Apr 2019 18:01:31 -0600 Subject: [PATCH 04/15] Sync published with master (#8709) * Sync published with master (#8693) (#8694) * Adding Azure note (#8566) * Rephrase additional line and update link * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. 
* Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Published (#8674) * add slack webhook to Jenkinsfile * make jenkinsfile serve private and public docs After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions. * Sync published with master (#8619) * Update install.md add note: 8 character password minimum length * Include Ubuntu version in Dockerfile more recent versions of Ubuntu don't work with the given Dockerfile * Updated the 3.1.4 release notes to include Centos 7.6 support * Remove redundant "be" * Update the "role-based access control" link On page "https://docs.docker.com/ee/ucp/user-access/", update the hyperlink "role-based access control" to point to "https://docs.docker.com/ee/ucp/authorization/" instead of "https://docs.docker.com/ee/access-control". * Add UCP user password limitation * Revert "Updated the UCP 3.1.4 release notes to include Centos 7.6 support" * Adding emphasis on Static IP requirement (#7276) * Adding emphasis on Static IP requirement We had a customer (00056641) who changed IPs like this all at once, and they are in a messy status. We should make it clear that static IP is absolutely required. 
```***-ucp-0-dw original="10.15.89.6" updated="10.15.89.7" ***-ucp-1-dw original="10.15.89.5" updated="10.15.89.6" ***-ucp-2-dw original="10.15.89.7" updated="10.15.89.5" ``` * Link to prod requirement of static IP addresses * Adding warning about layer7 config (#8617) * Adding warning about layer7 config Adding warning about layer7 config not being included in the backup * Text edit * Sync published with master (#8673) * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Improved backup commands (#8597) * line 8; remove unnecessary a (#8672) * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Remove deadlink in the Interlock ToC (#8668) * Trying to fix command rendering of '--format "{{ .Names }}"' (#8678) * interlock --> ucp-interlock (#8675) * Fixed code samples - Use the latest UCP version and the latest ucp-interlock image - Leverage ucp page version Jekyll variable * Typo * Final syntax fix * Update backup.md * Removed Reference to Interlock Preview Image, and added relevant UCP Image Org and Tag * Fix syntax error which caused the master build to fail * docs: fix typo in removal of named volumes (#8686) * Updated the ToC for Upgrading Interlock * Update index.md (#8690) Fix typo - missing word. * Update bind-mounts.md (#8696) * Minor edits (#8708) * Minor edits - Standardized setting of replica ID as per @caervs - Fix broken link * Consistency edits - Standardized setting of replica ID - Added note that this command only works on Linux * Standardize replica setting - Update commands for creating tar files for local and NFS-mounted images --- _data/toc.yaml | 2 +- ee/dtr/admin/disaster-recovery/create-a-backup.md | 15 +++++++-------- reference/dtr/2.6/cli/backup.md | 7 ++++--- storage/bind-mounts.md | 4 ++-- storage/index.md | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/_data/toc.yaml b/_data/toc.yaml
index 67f7982d67..3b125c6b0b 100644
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@@ -1318,7 +1318,7 @@ manuals: - title: Offline installation path: /ee/ucp/interlock/deploy/offline-install/ - title: Layer 7 routing upgrade
- path: /ee/ucp/interlock/upgrade/
+ path: /ee/ucp/interlock/deploy/upgrade/
 - sectiontitle: Configuration section: - title: Configure your deployment
diff --git a/ee/dtr/admin/disaster-recovery/create-a-backup.md b/ee/dtr/admin/disaster-recovery/create-a-backup.md
index ed26b99be3..95373f2f77 100644
--- a/ee/dtr/admin/disaster-recovery/create-a-backup.md
+++ b/ee/dtr/admin/disaster-recovery/create-a-backup.md
@@ -103,8 +103,7 @@ and creating a `tar` archive of the [dtr-registry volume](../../architecture.md) {% raw %} ```none sudo tar -cf dtr-image-backup-$(date +%Y%m%d-%H_%M_%S).tar \
- /var/lib/docker/volumes/dtr-registry-$(docker ps --filter name=dtr-rethinkdb \
- --format "{{ .Names }}" | sed 's/dtr-rethinkdb-//')
+/var/lib/docker/volumes/dtr-registry-$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-')
 ``` {% endraw %}
@@ -113,8 +112,7 @@ sudo tar -cf dtr-image-backup-$(date +%Y%m%d-%H_%M_%S).tar \ {% raw %} ```none sudo tar -cf dtr-image-backup-$(date +%Y%m%d-%H_%M_%S).tar \
- /var/lib/docker/volumes/dtr-registry-nfs-$(docker ps --filter name=dtr-rethinkdb \
- --format "{{ .Names }}" | sed 's/dtr-rethinkdb-//')
+ /var/lib/docker/volumes/dtr-registry-nfs-$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-')
 ``` {% endraw %}
@@ -130,14 +128,15 @@ recommended for that system. ### Back up DTR metadata To create a DTR backup, load your UCP client bundle, and run the following
-chained commands:
+command.
+
+#### Chained commands (Linux only)
 {% raw %} ```none DTR_VERSION=$(docker container inspect $(docker container ps -f name=dtr-registry -q) | \ grep -m1 -Po '(?<=DTR_VERSION=)\d.\d.\d'); \
-REPLICA_ID=$(docker ps --filter name=dtr-rethinkdb --format "{{ .Names }}" | head -1 | \
- sed 's|.*/||' | sed 's/dtr-rethinkdb-//'); \
+REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-')); \
 read -p 'ucp-url (The UCP URL including domain and port): ' UCP_URL; \ read -p 'ucp-username (The UCP administrator username): ' UCP_ADMIN; \ read -sp 'ucp password: ' UCP_PASSWORD; \
@@ -168,7 +167,7 @@ flag with `--ucp-insecure-tls`. Docker does not recommend this flag for producti 5. Includes DTR version and timestamp to your `tar` backup file. You can learn more about the supported flags in
-the [reference documentation](/reference/dtr/2.6/cli/backup.md).
+the [DTR backup reference documentation](/reference/dtr/2.6/cli/backup.md).
 By default, the backup command does not pause the DTR replica being backed up to prevent interruptions of user access to DTR. Since the replica
diff --git a/reference/dtr/2.6/cli/backup.md b/reference/dtr/2.6/cli/backup.md
index 3c0e213dcb..17b2a5de76 100644
--- a/reference/dtr/2.6/cli/backup.md
+++ b/reference/dtr/2.6/cli/backup.md
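Review bot: The added `REPLICA_ID=` line in the `@@ -130,14 +128,15 @@` hunk of create-a-backup.md ends in `'-'));`, one closing parenthesis more than the two `$(` it opens, so the chained backup command is a shell syntax error when pasted; the same line is added in the "Advanced (with chained commands)" hunk of reference/dtr/2.6/cli/backup.md. The removed version piped through `head -1` and the new one does not, so when `docker ps -q -f name=dtr-rethink` matches more than one container the variable would hold several replica IDs instead of one. I would write `REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | head -1 | cut -f 3 -d '-'); \`. The field index in `cut -f 3 -d '-'` presumably also shifts if the reported name carries a hyphenated prefix, which the removed `sed 's|.*/||'` stripped, so it is worth confirming through a UCP client bundle before publishing.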
@@ -26,12 +26,13 @@ docker run -i --rm --log-driver none docker/dtr:{{ page.dtr_version }} \ #### Advanced (with chained commands)
+The following command has been tested on Linux:
+
 {% raw %} ```none DTR_VERSION=$(docker container inspect $(docker container ps -f \ name=dtr-registry -q) | grep -m1 -Po '(?<=DTR_VERSION=)\d.\d.\d'); \
-REPLICA_ID=$(docker ps --filter name=dtr-rethinkdb \
- --format "{{ .Names }}" | head -1 | sed 's|.*/||' | sed 's/dtr-rethinkdb-//'); \
+REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-')); \
 read -p 'ucp-url (The UCP URL including domain and port): ' UCP_URL; \ read -p 'ucp-username (The UCP administrator username): ' UCP_ADMIN; \ read -sp 'ucp password: ' UCP_PASSWORD; \
@@ -47,7 +48,7 @@ docker run --log-driver none -i --rm \ {% endraw %} For a detailed explanation on the advanced example, see
-[Back up your DTR metadata](ee/dtr/admin/disaster-recovery/create-a-backup/#back-up-dtr-metadata).
+[Back up your DTR metadata](/ee/dtr/admin/disaster-recovery/create-a-backup/#back-up-dtr-metadata).
 To learn more about the `--log-driver` option for `docker run`, see [docker run reference](/engine/reference/run/#logging-drivers---log-driver). ## Description
diff --git a/storage/bind-mounts.md b/storage/bind-mounts.md
index c8d69fd266..d20ca5f742 100644
--- a/storage/bind-mounts.md
+++ b/storage/bind-mounts.md
@@ -23,7 +23,7 @@ manage bind mounts. ![bind mounts on the Docker host](images/types-of-mounts-bind.png)
-## Choosing the -v or --mount flag
+## Choose the -v or --mount flag
 Originally, the `-v` or `--volume` flag was used for standalone containers and the `--mount` flag was used for swarm services. However, starting with Docker
@@ -159,7 +159,7 @@ $ docker container stop devtest $ docker container rm devtest ```
-### Mounting into a non-empty directory on the container
+### Mount into a non-empty directory on the container
 If you bind-mount into a non-empty directory on the container, the directory's existing contents are obscured by the bind mount. This can be beneficial,
diff --git a/storage/index.md b/storage/index.md
index 47a8d076b7..a82609311a 100644
--- a/storage/index.md
+++ b/storage/index.md
@@ -100,7 +100,7 @@ mounts is to think about where the data lives on the Docker host. information. For instance, internally, swarm services use `tmpfs` mounts to mount [secrets](/engine/swarm/secrets.md) into a service's containers.
-Bind mounts and volumes can both mounted into containers using the `-v` or
+Bind mounts and volumes can both be mounted into containers using the `-v` or
 `--volume` flag, but the syntax for each is slightly different. For `tmpfs` mounts, you can use the `--tmpfs` flag. However, in Docker 17.06 and higher, we recommend using the `--mount` flag for both containers and services, for
From ea559a29bbf7623660419944df74e4b84fd450c4 Mon Sep 17 00:00:00 2001
From: Maria Bermudez Date: Thu, 25 Apr 2019 17:18:54 -0600 Subject: [PATCH 05/15] Sync published with master (#8727) * Sync published with master (#8693) (#8694) * Adding Azure note (#8566) * Revert "Netlify redirects interlock (#8595)" * UCP Install on Azure Patch (#8522) * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. 
* Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Published (#8674) * add slack webhook to Jenkinsfile * make jenkinsfile serve private and public docs After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions. * Sync published with master (#8619) * Update install.md add note: 8 character password minimum length * Include Ubuntu version in Dockerfile more recent versions of Ubuntu don't work with the given Dockerfile * Updated the 3.1.4 release notes to include Centos 7.6 support * Remove redundant "be" * Update the "role-based access control" link On page "https://docs.docker.com/ee/ucp/user-access/", update the hyperlink "role-based access control" to point to "https://docs.docker.com/ee/ucp/authorization/" instead of "https://docs.docker.com/ee/access-control". * Add UCP user password limitation * Revert "Updated the UCP 3.1.4 release notes to include Centos 7.6 support" * Adding emphasis on Static IP requirement (#7276) * Adding emphasis on Static IP requirement We had a customer (00056641) who changed IPs like this all at once, and they are in a messy status. We should make it clear that static IP is absolutely required. 
```***-ucp-0-dw original="10.15.89.6" updated="10.15.89.7" ***-ucp-1-dw original="10.15.89.5" updated="10.15.89.6" ***-ucp-2-dw original="10.15.89.7" updated="10.15.89.5" ``` * Link to prod requirement of static IP addresses * Adding warning about layer7 config (#8617) * Adding warning about layer7 config Adding warning about layer7 config not being included in the backup * Text edit * Sync published with master (#8673) * Revert "Netlify redirects interlock (#8595)" This reverts commit a7793edc746fc3374f1b4a637bf4d528dd2bbcef. * UCP Install on Azure Patch (#8522) * Fix grammar on the 2nd pre-req, and did markdown formatting on the rest :) * Correct Pod-CIDR Warning * Content cleanup Please check that I haven't changed the meaning of the updated prerequisites. * Create a new section on configuring the IP Count value, also responded to feedback from Follis, Steve R and Xinfeng. * Incorporated Steven F's feedback and Issue 8551 * Provide a warning when setting a small IP Count variable * Final edits * Update install-on-azure.md * Following feedback I have expanded on the 0644 azure.json file permissions and Added the --existing-config file to the UCP install command * Removed Orchestrator Tag Pre Req from Azure Docs * Clarifying need for 0644 permissions * Improved backup commands (#8597) * Improved backup commands DTR image backup command improvements: 1. Local and NFS mount image backup commands were invalid (incorrectly used -C flag). Replaced them with commands that work. 2. The new commands automatically populate the correct replica ID and add a datestamp to the backup filename. DTR Metadata backup command improvements: DTR metadata backups are more difficult than they need to be and generate many support tickets. I updated the DTR command to avoid common user pitfalls: 1. The prior metadata backup command was subject to user error. Improved the command to automatically collect the DTR version and select a replica. 2. 
Improved security of the command by automatically collecting UCP CA certificate for verification rather than using --ucp-insecure-tls flag. 3. Improved the backup filename by adding the backed-up version information and date of backup. Knowledge of the version information is required for restoring a backup. 4. Described these improvements for the user. Image backup commands were tested with local and NFS image storage. The metadata backup command was tested by running it directly on a DTR node and through a UCP client bundle with multiple replicas. * Technical and editorial review * More edits * line 8; remove unnecessary a (#8672) * line 8; remove unnecessary a * Minor edit * Updated the UCP Logging page to include UCP 3.1 screenshots (#8646) * Added examples (#8599) * Added examples Added examples with more detail and automation to help customers backup DTR without creating support tickets. * Linked to explanation of example command @omegamormegil I removed the example with prepopulated fields, as I think it doesn't add much, and will only add confusion. Users who need this much detail can run the basic command and follow the terminal prompts. We can re-add in a follow-up PR, if you think that example is crucial to this page. * Remove deadlink in the Interlock ToC (#8668) * Found a deadlink in the Interlock ToC * Added Redirect * Trying to fix command rendering of '--format "{{ .Names }}"' (#8678) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. * Fixed heading inconsistency * Trying to fix command rendering of '--format "{{ .Names }}"' (#8677) * Trying to fix command rendering of '--format "{{ .Names }}"' --format "{{ .Names }}" is showing up in the markup but is rendering as --format "" in the published version. Added {% raw %} tags to try to fix. 
* Update concatenated to chained * Minor fix * interlock --> ucp-interlock (#8675) * interlock --> ucp-interlock * Fixed code samples - Use the latest UCP version and the latest ucp-interlock image - Leverage ucp page version Jekyll variable * Typo * Final syntax fix * Update backup.md * Removed Reference to Interlock Preview Image, and added relevant UCP Image Org and Tag * Fix syntax error which caused the master build to fail * docs: fix typo in removal of named volumes (#8686) * Updated the ToC for Upgrading Interlock * Removed the Previous Interlock SSL Page * Moved Redirect to latest page * Update index.md (#8690) Fix typo - missing word. * Update bind-mounts.md (#8696) * Minor edits (#8708) * Minor edits - Standardized setting of replica ID as per @caervs - Fix broken link * Consistency edits - Standardized setting of replica ID - Added note that this command only works on Linux * Standardize replica setting - Update commands for creating tar files for local and NFS-mounted images * Fixed broken 'important changes' link (#8721) * Interlock fix - remove haproxy and custom template files (#8722) * Removed haproxy and custom template info * Delete file * Delete file * Render DTR version (#8726) --- _data/toc.yaml | 6 - .../3.0/guides/user/interlock/usage/tls.md | 2 - ee/ucp/interlock/config/custom-template.md | 304 ------------------ ee/ucp/interlock/config/haproxy-config.md | 28 -- ee/ucp/interlock/usage/ssl.md | 224 ------------- ee/ucp/interlock/usage/tls.md | 2 + engine/release-notes.md | 2 +- reference/dtr/2.6/cli/backup.md | 2 +- 8 files changed, 4 insertions(+), 566 deletions(-) delete mode 100644 ee/ucp/interlock/config/custom-template.md delete mode 100644 ee/ucp/interlock/config/haproxy-config.md delete mode 100644 ee/ucp/interlock/usage/ssl.md diff --git a/_data/toc.yaml b/_data/toc.yaml index 3b125c6b0b..5c0b4f0011 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml 
@@ -1323,10 +1323,6 @@ manuals: section: - title: Configure your deployment path: /ee/ucp/interlock/config/ - - title: Using a custom extension template - path: /ee/ucp/interlock/config/custom-template/ - - title: Configuring an HAProxy extension - path: /ee/ucp/interlock/config/haproxy-config/ - title: Configuring host mode networking path: /ee/ucp/interlock/config/host-mode-networking/ - title: Configuring an nginx extension @@ -1355,8 +1351,6 @@ manuals: path: /ee/ucp/interlock/usage/service-clusters/ - title: Implementing persistent (sticky) sessions path: /ee/ucp/interlock/usage/sessions/ - - title: Implementing SSL - path: /ee/ucp/interlock/usage/ssl/ - title: Securing services with TLS path: /ee/ucp/interlock/usage/tls/ - title: Configuring websockets diff --git a/datacenter/ucp/3.0/guides/user/interlock/usage/tls.md b/datacenter/ucp/3.0/guides/user/interlock/usage/tls.md index 5e23c44ddc..9e619f97a1 100644 --- a/datacenter/ucp/3.0/guides/user/interlock/usage/tls.md +++ b/datacenter/ucp/3.0/guides/user/interlock/usage/tls.md @@ -3,8 +3,6 @@ title: Applications with SSL description: Learn how to configure your swarm services with TLS using the layer 7 routing solution for UCP. keywords: routing, proxy, tls -redirect_from: - - /ee/ucp/interlock/usage/ssl/ --- Once the [layer 7 routing solution is enabled](../deploy/index.md), you can diff --git a/ee/ucp/interlock/config/custom-template.md b/ee/ucp/interlock/config/custom-template.md deleted file mode 100644 index cc8e63cd8a..0000000000 --- a/ee/ucp/interlock/config/custom-template.md +++ /dev/null 
@@ -1,304 +0,0 @@ ---- -title: Custom templates -description: Learn how to use a custom extension template -keywords: routing, proxy, interlock, load balancing ---- - -Use a custom extension if a needed option is not available in the extension configuration. - -> Warning: - This should be used with extreme caution as this completely bypasses the built-in - extension template. Therefore, if you update the extension image in the future, - you will not receive the updated template because you are using a custom one. - -To use a custom template: - -1. Create a Swarm configuration using a new template -2. Create a Swarm configuration object -3. Update the extension - -## Create a Swarm configuration using a new template -First, create a Swarm config using the new template, as shown in the following example. This example uses a custom Nginx configuration template, but you can use any extension configuration (for example, HAProxy). - -The contents of the example `custom-template.conf` include: - -{% raw %} -``` -# CUSTOM INTERLOCK CONFIG -user {{ .ExtensionConfig.User }}; -worker_processes {{ .ExtensionConfig.WorkerProcesses }}; - -error_log {{ .ExtensionConfig.ErrorLogPath }} warn; -pid {{ .ExtensionConfig.PidPath }}; - - -events { - worker_connections {{ .ExtensionConfig.MaxConnections }}; - -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - server_names_hash_bucket_size 128; - - # add custom HTTP options here, etc. 
- - log_format main {{ .ExtensionConfig.MainLogFormat }} - - log_format trace {{ .ExtensionConfig.TraceLogFormat }} - - access_log {{ .ExtensionConfig.AccessLogPath }} main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout {{ .ExtensionConfig.KeepaliveTimeout }}; - client_max_body_size {{ .ExtensionConfig.ClientMaxBodySize }}; - client_body_buffer_size {{ .ExtensionConfig.ClientBodyBufferSize }}; - client_header_buffer_size {{ .ExtensionConfig.ClientHeaderBufferSize }}; - large_client_header_buffers {{ .ExtensionConfig.LargeClientHeaderBuffers }}; - client_body_timeout {{ .ExtensionConfig.ClientBodyTimeout }}; - underscores_in_headers {{ if .ExtensionConfig.UnderscoresInHeaders }}on{{ else }}off{{ end }}; - - add_header x-request-id $request_id; - add_header x-proxy-id $hostname; - add_header x-server-info "{{ .Version }}"; - add_header x-upstream-addr $upstream_addr; - add_header x-upstream-response-time $upstream_response_time; - - proxy_connect_timeout {{ .ExtensionConfig.ConnectTimeout }}; - proxy_send_timeout {{ .ExtensionConfig.SendTimeout }}; - proxy_read_timeout {{ .ExtensionConfig.ReadTimeout }}; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header x-request-id $request_id; - send_timeout {{ .ExtensionConfig.SendTimeout }}; - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - - ssl_prefer_server_ciphers on; - ssl_ciphers {{ .ExtensionConfig.SSLCiphers }}; - ssl_protocols {{ .ExtensionConfig.SSLProtocols }}; - {{ if (and (gt .ExtensionConfig.SSLDefaultDHParam 0) (ne .ExtensionConfig.SSLDefaultDHParamPath "")) }}ssl_dhparam {{ .ExtensionConfig.SSLDefaultDHParamPath }};{{ end }} - - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - {{ if not .HasDefaultBackend }} - # default host return 503 - server { - listen {{ .Port }} default_server; - server_name _; - - root 
/usr/share/nginx/html; - - error_page 503 /503.html; - location = /503.html { - try_files /503.html @error; - internal; - } - - location @error { - root /usr/share/nginx/html; - } - - location / { - return 503; - - } - - location /nginx_status { - stub_status on; - access_log off; - } - - } - {{ end }} - - {{ range $host, $backends := .Hosts }} - {{ with $hostBackend := index $backends 0 }} - {{ $sslBackend := index $.SSLBackends $host }} - upstream {{ backendName $host }} { - {{ if $hostBackend.IPHash }}ip_hash; {{else}}zone {{ backendName $host }}_backend 64k;{{ end }} - {{ if ne $hostBackend.StickySessionCookie "" }}hash $cookie_{{ $hostBackend.StickySessionCookie }} consistent; {{ end }} - {{ range $backend := $backends }} - {{ range $up := $backend.Targets }}server {{ $up }}; - {{ end }} - {{ end }} {{/* end range backends */}} - - } - {{ if not $sslBackend.Passthrough }} - server { - listen {{ $.Port }}{{ if $hostBackend.DefaultBackend }} default_server{{ end }}; - {{ if $hostBackend.DefaultBackend }}server_name _;{{ else }}server_name {{$host}};{{ end }} - - {{ if (isRedirectHost $host $hostBackend.Redirects) }} - {{ range $redirect := $hostBackend.Redirects }} - {{ if isRedirectMatch $redirect.Source $host }}return 302 {{ $redirect.Target }}$request_uri;{{ end }} - {{ end }} - {{ else }} - - {{ if eq ( len $hostBackend.ContextRoots ) 0 }} - {{ if not (isWebsocketRoot $hostBackend.WebsocketEndpoints) }} - location / { - proxy_pass {{ if $hostBackend.SSLBackend }}https://{{ else }}http://{{ backendName $host }};{{ end }} - } - {{ end }} - - {{ range $ws := $hostBackend.WebsocketEndpoints }} - location {{ $ws }} { - proxy_pass {{ if $hostBackend.SSLBackend }}https://{{ else }}http://{{ backendName $host }};{{ end }} - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Origin ''; - } - {{ end }} {{/* end range WebsocketEndpoints */}} - {{ else }} - - {{ range $ctxroot := 
$hostBackend.ContextRoots }} - location {{ $ctxroot.Path }} { - {{ if $ctxroot.Rewrite }}rewrite ^([^.]*[^/])$ $1/ permanent; - rewrite ^{{ $ctxroot.Path }}/(.*) /$1 break;{{ end }} - proxy_pass http://{{ backendName $host }}; - } - {{ end }} {{/* end range contextroots */}} - - {{ end }} {{/* end len $hostBackend.ContextRoots */}} - location /nginx_status { - stub_status on; - access_log off; - } - {{ end }}{{/* end isRedirectHost */}} - - } - {{ end }} {{/* end if not sslBackend.Passthrough */}} - - {{/* SSL */}} - {{ if ne $hostBackend.SSLCert "" }} - {{ $sslBackend := index $.SSLBackends $host }} - server { - listen 127.0.0.1:{{ $sslBackend.Port }} ssl proxy_protocol; - server_name {{ $host }}; - ssl on; - ssl_certificate /run/secrets/{{ $hostBackend.SSLCertTarget }}; - {{ if ne $hostBackend.SSLKey "" }}ssl_certificate_key /run/secrets/{{ $hostBackend.SSLKeyTarget }};{{ end }} - set_real_ip_from 127.0.0.1/32; - real_ip_header proxy_protocol; - - {{ if eq ( len $hostBackend.ContextRoots ) 0 }} - {{ if not (isWebsocketRoot $hostBackend.WebsocketEndpoints) }} - location / { - proxy_pass {{ if $hostBackend.SSLBackend }}https://{{ else }}http://{{ backendName $host }};{{ end }} - } - {{ end }} - - {{ range $ws := $hostBackend.WebsocketEndpoints }} - location {{ $ws }} { - proxy_pass {{ if $hostBackend.SSLBackend }}https://{{ else }}http://{{ backendName $host }};{{ end }} - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Origin {{$host}}; - - } - {{ end }} {{/* end range WebsocketEndpoints */}} - {{ else }} - - {{ range $ctxroot := $hostBackend.ContextRoots }} - location {{ $ctxroot.Path }} { - {{ if $ctxroot.Rewrite }}rewrite ^([^.]*[^/])$ $1/ permanent; - rewrite ^{{ $ctxroot.Path }}/(.*) /$1 break;{{ end }} - proxy_pass http://{{ backendName $host }}; - } - {{ end }} {{/* end range contextroots */}} - - {{ end }} {{/* end len $hostBackend.ContextRoots */}} - location 
/nginx_status { - stub_status on; - access_log off; - } - - } {{ end }} {{/* end $hostBackend.SSLCert */}} - {{ end }} {{/* end with hostBackend */}} - - {{ end }} {{/* end range .Hosts */}} - - include /etc/nginx/conf.d/*.conf; -} -stream { - # main log compatible format - log_format stream '$remote_addr - - [$time_local] "$ssl_preread_server_name -> $name ($protocol)" ' - '$status $bytes_sent "" "" "" '; - map $ssl_preread_server_name $name { - {{ range $host, $sslBackend := $.SSLBackends }} - {{ $sslBackend.Host }} {{ if $sslBackend.Passthrough }}pt-{{ backendName $host }};{{ else }}127.0.0.1:{{ $sslBackend.Port }}; {{ end }} - {{ if $sslBackend.DefaultBackend }}default {{ if $sslBackend.Passthrough }}pt-{{ backendName $host }};{{ else }}127.0.0.1:{{ $sslBackend.Port }}; {{ end }}{{ end }} - {{ end }} - - } - {{ range $host, $sslBackend := $.SSLBackends }} - upstream pt-{{ backendName $sslBackend.Host }} { - {{ $h := index $.Hosts $sslBackend.Host }}{{ $hostBackend := index $h 0 }} - {{ if $sslBackend.Passthrough }} - server 127.0.0.1:{{ $sslBackend.ProxyProtocolPort }}; - {{ else }} - {{ range $up := $hostBackend.Targets }}server {{ $up }}; - {{ end }} {{/* end range backend targets */}} - {{ end }} {{/* end range sslbackend */}} - - }{{ end }} {{/* end range SSLBackends */}} - - {{ range $host, $sslBackend := $.SSLBackends }} - {{ $proxyProtocolPort := $sslBackend.ProxyProtocolPort }} - {{ $h := index $.Hosts $sslBackend.Host }}{{ $hostBackend := index $h 0 }} - {{ if ne $proxyProtocolPort 0 }} - upstream proxy-{{ backendName $sslBackend.Host }} { - {{ range $up := $hostBackend.Targets }}server {{ $up }}; - {{ end }} {{/* end range backend targets */}} - - } - server { - listen {{ $proxyProtocolPort }} proxy_protocol; - proxy_pass proxy-{{ backendName $sslBackend.Host }}; - - } - {{ end }} {{/* end if ne proxyProtocolPort 0 */}} - {{ end }} {{/* end range SSLBackends */}} - - server { - listen {{ $.SSLPort }}; - proxy_pass $name; - proxy_protocol on; - 
ssl_preread on; - access_log {{ .ExtensionConfig.AccessLogPath }} stream; - } -} -``` -{% endraw %} - -## Create a Swarm configuration object -To create a Swarm config object: - -``` -$> docker config create interlock-custom-template custom.conf -``` - -## Update the extension -Now update the extension to use this new template: - -``` -$> docker service update --config-add source=interlock-custom-template,target=/etc/docker/extension-template.conf interlock-ext -``` - -This should trigger an update and a new proxy configuration will be generated. - -## Remove the custom template -To remove the custom template and revert to using the built-in template: - -``` -$> docker service update --config-rm interlock-custom-template interlock-ext -``` diff --git a/ee/ucp/interlock/config/haproxy-config.md b/ee/ucp/interlock/config/haproxy-config.md deleted file mode 100644 index 6108e8ca75..0000000000 --- a/ee/ucp/interlock/config/haproxy-config.md +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -title: Configure HAProxy -description: Learn how to configure an HAProxy extension -keywords: routing, proxy, interlock, load balancing ---- - -The following HAProxy configuration options are available: - -| Option | Type | Description | -| --- | --- | --- | -| `PidPath` | string | path to the pid file for the proxy service | -| `MaxConnections` | int | maximum number of connections for proxy service | -| `ConnectTimeout` | int | timeout in seconds for clients to connect | -| `ClientTimeout` | int | timeout in seconds for the service to send a request to the proxied upstream | -| `ServerTimeout` | int | timeout in seconds for the service to read a response from the proxied upstream | -| `AdminUser` | string | username to be used with authenticated access to the proxy service | -| `AdminPass` | string | password to be used with authenticated access to the proxy service | -| `SSLOpts` | string | options to be passed when configuring SSL | -| `SSLDefaultDHParam` | int | size of DH parameters | -| `SSLVerify` | string | SSL client verification | -| `SSLCiphers` | string | SSL ciphers to use for the proxy service | -| `SSLProtocols` | string | enable the specified TLS protocols | -| `GlobalOptions` | []string | list of options that are included in the global configuration | -| `DefaultOptions` | []string | list of options that are included in the default configuration | - -## Notes - -When using SSL termination, the certificate and key must be combined into a single certificate (i.e. `cat cert.pem key.pem > combined.pem`). The HAProxy extension only uses the certificate label to configure SSL. diff --git a/ee/ucp/interlock/usage/ssl.md b/ee/ucp/interlock/usage/ssl.md deleted file mode 100644 index 154636f2fe..0000000000 --- a/ee/ucp/interlock/usage/ssl.md +++ /dev/null 
@@ -1,224 +0,0 @@ ---- -title: Implement applications with SSL -description: Learn how to configure your swarm services with SSL. -keywords: routing, proxy, tls, ssl -redirect_from: - - /ee/ucp/interlock/usage/ssl/ ---- - -This topic covers Swarm services implementation with: - -- SSL termination -- SSL passthrough - -## SSL termination -In the following example, Docker [Secrets](/engine/swarm/secrets/) -are used to centrally and securely store SSL certificates in order to terminate SSL at the proxy service. -Application traffic is encrypted in transport to the proxy service, which terminates SSL and then -uses unencrypted traffic inside the secure datacenter. - -![Interlock SSL Termination](../../images/interlock_ssl_termination.png) - -First, certificates are generated: - -```bash -$> openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj "/C=US/ST=SomeState/L=SomeCity/O=Interlock/CN=demo.local" \ - -keyout demo.local.key \ - -out demo.local.cert -``` - -Two files are created: `demo.local.cert` and `demo.local.key`. Next, we - use these to create Docker Secrets. - -```bash -$> docker secret create demo.local.cert demo.local.cert -ywn8ykni6cmnq4iz64um1pj7s -$> docker secret create demo.local.key demo.local.key -e2xo036ukhfapip05c0sizf5w -``` - -Next, we create an overlay network so that service traffic is isolated and secure: - -```bash -$> docker network create -d overlay demo -1se1glh749q1i4pw0kf26mfx5 -``` - -```bash -$> docker service create \ - --name demo \ - --network demo \ - --label com.docker.lb.hosts=demo.local \ - --label com.docker.lb.port=8080 \ - --label com.docker.lb.ssl_cert=demo.local.cert \ - --label com.docker.lb.ssl_key=demo.local.key \ - ehazlett/docker-demo -6r0wiglf5f3bdpcy6zesh1pzx -``` - -Interlock detects when the service is available and publishes it. After tasks are running -and the proxy service is updated, the application should be available via `https://demo.local`. 
- -Note: You must have an entry for `demo.local` in your local hosts (i.e. `/etc/hosts`) file. -You cannot use a host header as shown in other examples due to the way [SNI](https://tools.ietf.org/html/rfc3546#page-8) works. - -```bash -$> curl -vsk https://demo.local/ping -* Trying 127.0.0.1... -* TCP_NODELAY set -* Connected to demo.local (127.0.0.1) port 443 (#0) -* ALPN, offering http/1.1 -* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH -* successfully set certificate verify locations: -* CAfile: /etc/ssl/certs/ca-certificates.crt - CApath: none -* TLSv1.2 (OUT), TLS handshake, Client hello (1): -* TLSv1.2 (IN), TLS handshake, Server hello (2): -* TLSv1.2 (IN), TLS handshake, Certificate (11): -* TLSv1.2 (IN), TLS handshake, Server key exchange (12): -* TLSv1.2 (IN), TLS handshake, Server finished (14): -* TLSv1.2 (OUT), TLS handshake, Client key exchange (16): -* TLSv1.2 (OUT), TLS change cipher, Client hello (1): -* TLSv1.2 (OUT), TLS handshake, Finished (20): -* TLSv1.2 (IN), TLS change cipher, Client hello (1): -* TLSv1.2 (IN), TLS handshake, Finished (20): -* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 -* ALPN, server accepted to use http/1.1 -* Server certificate: -* subject: C=US; ST=SomeState; L=SomeCity; O=Interlock; CN=demo.local -* start date: Nov 8 16:23:03 2017 GMT -* expire date: Nov 6 16:23:03 2027 GMT -* issuer: C=US; ST=SomeState; L=SomeCity; O=Interlock; CN=demo.local -* SSL certificate verify result: self signed certificate (18), continuing anyway. 
-> GET /ping HTTP/1.1 -> Host: demo.local -> User-Agent: curl/7.54.0 -> Accept: */* -> -< HTTP/1.1 200 OK -< Server: nginx/1.13.6 -< Date: Wed, 08 Nov 2017 16:26:55 GMT -< Content-Type: text/plain; charset=utf-8 -< Content-Length: 92 -< Connection: keep-alive -< Set-Cookie: session=1510158415298009207; Path=/; Expires=Thu, 09 Nov 2017 16:26:55 GMT; Max-Age=86400 -< x-request-id: 4b15ab2aaf2e0bbdea31f5e4c6b79ebd -< x-proxy-id: a783b7e646af -< x-server-info: interlock/2.0.0-development (147ff2b1) linux/amd64 -< x-upstream-addr: 10.0.2.3:8080 - -{"instance":"c2f1afe673d4","version":"0.1",request_id":"7bcec438af14f8875ffc3deab9215bc5"} -``` - -Because the certificate and key are stored securely in Swarm, you can safely scale this service, as well as the proxy -service, and Swarm handles granting access to the credentials as needed. - -## SSL passthrough -In the following example, SSL passthrough is used to ensure encrypted communication from the request to the application -service. This ensures maximum security because there is no unencrypted transport. - -![Interlock SSL Passthrough](../../images/interlock_ssl_passthrough.png) - -First, generate certificates for the application: - -```bash -$> openssl req \ - -new \ - -newkey rsa:4096 \ - -days 3650 \ - -nodes \ - -x509 \ - -subj "/C=US/ST=SomeState/L=SomeCity/O=Interlock/CN=demo.local" \ - -keyout app.key \ - -out app.cert -``` - -Two files are created: `app.cert` and `app.key`. Next, we - use these to create Docker Secrets. 
- -```bash -$> docker secret create app.cert app.cert -ywn8ykni6cmnq4iz64um1pj7s -$> docker secret create app.key app.key -e2xo036ukhfapip05c0sizf5w -``` - -Now create an overlay network to isolate and secure service traffic: - -```bash -$> docker network create -d overlay demo -1se1glh749q1i4pw0kf26mfx5 -``` - -```bash -$> docker service create \ - --name demo \ - --network demo \ - --detach=false \ - --secret source=app.cert,target=/run/secrets/cert.pem \ - --secret source=app.key,target=/run/secrets/key.pem \ - --label com.docker.lb.hosts=demo.local \ - --label com.docker.lb.port=8080 \ - --label com.docker.lb.ssl_passthrough=true \ - --env METADATA="demo-ssl-passthrough" \ - ehazlett/docker-demo --tls-cert=/run/secrets/cert.pem --tls-key=/run/secrets/key.pem -``` - -Interlock detects when the service is available and publishes it. When tasks are running -and the proxy service is updated, the application is available via `https://demo.local`. - -Note: You must have an entry for `demo.local` in your local hosts (i.e. `/etc/hosts`) file. -You cannot use a host header as in other examples due to the way [SNI](https://tools.ietf.org/html/rfc3546#page-8) works. - -```bash -$> curl -vsk https://demo.local/ping -* Trying 127.0.0.1... 
-* TCP_NODELAY set -* Connected to demo.local (127.0.0.1) port 443 (#0) -* ALPN, offering http/1.1 -* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH -* successfully set certificate verify locations: -* CAfile: /etc/ssl/certs/ca-certificates.crt - CApath: none -* TLSv1.2 (OUT), TLS handshake, Client hello (1): -* TLSv1.2 (IN), TLS handshake, Server hello (2): -* TLSv1.2 (IN), TLS handshake, Certificate (11): -* TLSv1.2 (IN), TLS handshake, Server key exchange (12): -* TLSv1.2 (IN), TLS handshake, Server finished (14): -* TLSv1.2 (OUT), TLS handshake, Client key exchange (16): -* TLSv1.2 (OUT), TLS change cipher, Client hello (1): -* TLSv1.2 (OUT), TLS handshake, Finished (20): -* TLSv1.2 (IN), TLS change cipher, Client hello (1): -* TLSv1.2 (IN), TLS handshake, Finished (20): -* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 -* ALPN, server accepted to use http/1.1 -* Server certificate: -* subject: C=US; ST=SomeState; L=SomeCity; O=Interlock; CN=demo.local -* start date: Nov 8 16:39:45 2017 GMT -* expire date: Nov 6 16:39:45 2027 GMT -* issuer: C=US; ST=SomeState; L=SomeCity; O=Interlock; CN=demo.local -* SSL certificate verify result: self signed certificate (18), continuing anyway. -> GET /ping HTTP/1.1 -> Host: demo.local -> User-Agent: curl/7.54.0 -> Accept: */* -> -< HTTP/1.1 200 OK -< Connection: close -< Set-Cookie: session=1510159255159600720; Path=/; Expires=Thu, 09 Nov 2017 16:40:55 GMT; Max-Age=86400 -< Date: Wed, 08 Nov 2017 16:40:55 GMT -< Content-Length: 78 -< Content-Type: text/plain; charset=utf-8 -< -{"instance":"327d5a26bc30","version":"0.1","metadata":"demo-ssl-passthrough"} -``` - -Application traffic travels securely, fully encrypted from the request to the application service. -Notice that Interlock cannot add the metadata response headers (version info, request ID, etc), because this is using -TCP passthrough and cannot add the metadata. 
diff --git a/ee/ucp/interlock/usage/tls.md b/ee/ucp/interlock/usage/tls.md index 08216228cf..6f746d9470 100644 --- a/ee/ucp/interlock/usage/tls.md +++ b/ee/ucp/interlock/usage/tls.md @@ -2,6 +2,8 @@ title: Secure services with TLS description: Learn how to configure your swarm services with TLS. keywords: routing, proxy, tls +redirect_from: + - /ee/ucp/interlock/usage/ssl/ --- After [deploying a layer 7 routing solution](../deploy/index.md), you have two options for securing your diff --git a/engine/release-notes.md b/engine/release-notes.md index 27772a8358..80c2d1500b 100644 --- a/engine/release-notes.md +++ b/engine/release-notes.md @@ -58,7 +58,7 @@ consistency and compatibility reasons. ### Known Issues -* There are [important changes](https://github.com/docker/docker.github.io/blob/patch-04-2019/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later. +* There are [important changes](/ee/upgrade) to the upgrade process that, if not correctly followed, can have an impact on the availability of applications running on the Swarm during upgrades. These constraints impact any upgrades coming from any version before 18.09 to version 18.09 or later. ## 18.09.4 diff --git a/reference/dtr/2.6/cli/backup.md b/reference/dtr/2.6/cli/backup.md index 17b2a5de76..b69f099a40 100644 --- a/reference/dtr/2.6/cli/backup.md +++ b/reference/dtr/2.6/cli/backup.md @@ -20,7 +20,7 @@ docker run -i --rm docker/dtr \ #### Basic ```bash -docker run -i --rm --log-driver none docker/dtr:{{ page.dtr_version }} \ +docker run -i --rm --log-driver none docker/dtr:2.6.5 \ backup --ucp-ca "$(cat ca.pem)" --existing-replica-id 5eb9459a7832 > backup.tar ``` From a1074ebff32995aea1d180095f864ff29f04fcdf Mon Sep 17 00:00:00 2001 
From: Maria Bermudez Date: Tue, 7 May 2019 18:17:46 -0700 Subject: [PATCH 06/15] Sync published with master (#8778) * Fixed syntax error (#8732) Last edit to the REPLICA_ID command introduced a syntax error by adding an extra ')'. Removed it. * Fix replica ID setting examples - Accept suggestion from @thajeztah based on product testing - Apply change to page examples - Remove NFS backup example based on the following errors: tar: /var/lib/docker/volumes/dtr-registry-nfs-36e6bf87816d: Cannot stat: No such file or directory tar: Exiting with failure status due to previous errors * Update header for example tar * Fixed link title * Added new example and deprecation info (#8773) * Updated multi-stage build doc (#8769) Changed the 'as' keyword to 'AS' to match the Dockerfile reference docs here: https://docs.docker.com/engine/reference/builder/#from * Fix typo (#8766) * Fixed a sentence (#8728) * Minor edit * Update configure-tls.md (#8719) * Update upgrade.md (#8718) * Update index.md (#8717) * Update configure-tls.md (#8716) * Add TOC entry for Hub page title change (#8777) * Update upgrade.md * Fix left navigation TOC * Update get-started.md (#8713) * Update tmpfs.md (#8711) * Add an indentation in compose-gettingstarted.md (#8487) * Fix messaging on service dependencies --- _data/toc.yaml | 2 +- compose/extends.md | 2 +- compose/gettingstarted.md | 17 +++++++++------- develop/develop-images/multistage-build.md | 4 ++-- docker-hub/index.md | 2 +- docker-hub/upgrade.md | 6 +++--- .../disaster-recovery/create-a-backup.md | 19 +++++------------- ee/dtr/release-notes.md | 2 +- .../admin/configure/ucp-configuration-file.md | 20 +++++++++++++------ ee/ucp/kubernetes/storage/use-nfs-volumes.md | 2 +- ee/ucp/release-notes.md | 2 +- machine/get-started.md | 2 +- storage/tmpfs.md | 2 +- swarm/configure-tls.md | 2 +- 14 files changed, 43 insertions(+), 41 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index 5c0b4f0011..fd834bfa11 100644 --- a/_data/toc.yaml 
+++ b/_data/toc.yaml @@ -3341,7 +3341,7 @@ manuals: - path: /docker-hub/slack_integration/ title: Slack Integration - path: /docker-hub/upgrade/ - title: Upgrading your plan + title: Upgrade your plan - sectiontitle: Automated Builds section: - path: /docker-hub/builds/ diff --git a/compose/extends.md b/compose/extends.md index 4a253012b6..0af8391a61 100644 --- a/compose/extends.md +++ b/compose/extends.md @@ -44,7 +44,7 @@ relative to the base file. ### Example use case -In this section are two common use cases for multiple compose files: changing a +In this section, there are two common use cases for multiple Compose files: changing a Compose app for different environments, and running administrative tasks against a Compose app. diff --git a/compose/gettingstarted.md b/compose/gettingstarted.md index 822df6a0e9..35189c3ce4 100644 --- a/compose/gettingstarted.md +++ b/compose/gettingstarted.md @@ -119,15 +119,18 @@ the following: redis: image: "redis:alpine" -This Compose file defines two services, `web` and `redis`. The `web` service: +This Compose file defines two services: `web` and `redis`. -* Uses an image that's built from the `Dockerfile` in the current directory. -* Forwards the exposed port 5000 on the container to port 5000 on the host - machine. We use the default port for the Flask web server, `5000`. +### Web service -The `redis` service uses a public -[Redis](https://registry.hub.docker.com/_/redis/) image pulled from the Docker -Hub registry. +The `web` service uses an image that's built from the `Dockerfile` in the current directory. +It then binds the container and the host machine to the exposed port, `5000`. This example service uses the default port for +the Flask web server, `5000`. + +### Redis service + +The `redis` service uses a public [Redis](https://registry.hub.docker.com/_/redis/) +image pulled from the Docker Hub registry. ## Step 4: Build and run your app with Compose 
diff --git a/develop/develop-images/multistage-build.md b/develop/develop-images/multistage-build.md index 2f3ae15005..022a1741db 100644 --- a/develop/develop-images/multistage-build.md +++ b/develop/develop-images/multistage-build.md @@ -131,13 +131,13 @@ intermediate artifacts are left behind, and not saved in the final image. By default, the stages are not named, and you refer to them by their integer number, starting with 0 for the first `FROM` instruction. However, you can -name your stages, by adding an `as ` to the `FROM` instruction. This +name your stages, by adding an `AS ` to the `FROM` instruction. This example improves the previous one by naming the stages and using the name in the `COPY` instruction. This means that even if the instructions in your Dockerfile are re-ordered later, the `COPY` doesn't break. ```conf -FROM golang:1.7.3 as builder +FROM golang:1.7.3 AS builder WORKDIR /go/src/github.com/alexellis/href-counter/ RUN go get -d -v golang.org/x/net/html COPY app.go . diff --git a/docker-hub/index.md b/docker-hub/index.md index ce1d4491da..e2ed1c6f4b 100644 --- a/docker-hub/index.md +++ b/docker-hub/index.md @@ -141,7 +141,7 @@ Congratulations! You've successfully: - Built a Docker container image on your computer - Pushed it to Docker Hub -### Next Steps +### Next steps - Create an [Organization](orgs.md) to use Docker Hub with your team. - Automatically build container images from code through [Builds](builds/index.md). diff --git a/docker-hub/upgrade.md b/docker-hub/upgrade.md index 54a133e39e..b842b3b93d 100644 --- a/docker-hub/upgrade.md +++ b/docker-hub/upgrade.md 
@@ -1,12 +1,12 @@ --- description: Upgrading your Docker Hub Plan keywords: Docker, docker, trusted, registry, accounts, plans, Dockerfile, Docker Hub, webhooks, docs, documentation -title: Upgrading your Plan +title: Upgrade your Plan --- User and organization accounts maintain separate Docker Hub billing profiles. -### Upgrading your personal plan +### Upgrade your personal plan Docker Hub includes one private Docker Hub repository for free. If you need more private repositories, you can upgrade from your free account to a paid @@ -17,7 +17,7 @@ To upgrade: 2. Click Change Plan 3. Select your plan and provide your payment information to upgrade ![Upgrade Plan](images/index-upgrade-plan.png) -### Upgrading your organization's plan +### Upgrade your organization's plan To upgrade an Organization's plan: diff --git a/ee/dtr/admin/disaster-recovery/create-a-backup.md b/ee/dtr/admin/disaster-recovery/create-a-backup.md index 95373f2f77..75787441db 100644 --- a/ee/dtr/admin/disaster-recovery/create-a-backup.md +++ b/ee/dtr/admin/disaster-recovery/create-a-backup.md @@ -78,11 +78,11 @@ docker ps --format "{{.Names}}" | grep dtr ##### SSH access -Another way to determine the replica ID is to SSH into a DTR node and run the following: +Another way to determine the replica ID is to log into a DTR node using SSH and run the following: {% raw %} ```bash -REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-') +REPLICA_ID=$(docker ps --format '{{.Names}}' -f name=dtr-rethink | cut -f 3 -d '-') && echo $REPLICA_ID ``` {% endraw %} 
@@ -96,23 +96,14 @@ If you've configured DTR to store images on the local file system or NFS mount, you can back up the images by using SSH to log into a DTR node, and creating a `tar` archive of the [dtr-registry volume](../../architecture.md): -#### Example backup commands +#### Example backup command ##### Local images {% raw %} ```none sudo tar -cf dtr-image-backup-$(date +%Y%m%d-%H_%M_%S).tar \ -/var/lib/docker/volumes/dtr-registry-$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-') -``` -{% endraw %} - -##### NFS-mounted images - -{% raw %} -```none -sudo tar -cf dtr-image-backup-$(date +%Y%m%d-%H_%M_%S).tar \ - /var/lib/docker/volumes/dtr-registry-nfs-$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-') +/var/lib/docker/volumes/dtr-registry-$(docker ps --format '{{.Names}}' -f name=dtr-rethink | cut -f 3 -d '-') ``` {% endraw %} @@ -136,7 +127,7 @@ command. ```none DTR_VERSION=$(docker container inspect $(docker container ps -f name=dtr-registry -q) | \ grep -m1 -Po '(?<=DTR_VERSION=)\d.\d.\d'); \ -REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-')); \ +REPLICA_ID=$(docker ps --format '{{.Names}}' -f name=dtr-rethink | cut -f 3 -d '-'); \ read -p 'ucp-url (The UCP URL including domain and port): ' UCP_URL; \ read -p 'ucp-username (The UCP administrator username): ' UCP_ADMIN; \ read -sp 'ucp password: ' UCP_PASSWORD; \ diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index e679649fb3..362bad8d26 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md 
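Review bot: In the `@@ -136,7 +127,7 @@` hunk the rewritten `REPLICA_ID=$(docker ps --format '{{.Names}}' -f name=dtr-rethink | cut -f 3 -d '-'); \` line is chained to the following `read` prompts with `;`, so the sequence carries on even when no `dtr-rethink` container matches and the variable is empty. The same substitution is inlined in the `sudo tar -cf ...` example, where an empty result leaves the path ending in `dtr-registry-`. I would add a guard after the assignment, for example `test -n "$REPLICA_ID" || echo "no DTR replica found on this node" >&2; \`, and quote the variable in the first hunk as `echo "$REPLICA_ID"`. The code block continues past the end of this hunk, so how `REPLICA_ID` is consumed afterwards is not visible here.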
@@ -26,7 +26,7 @@ to upgrade your installation to the latest release. ### Security -* Refer to [Docker Hub Maintenance](https://success.docker.com/article/dtr-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations. +* Refer to [DTR image vulnerabilities](https://success.docker.com/article/dtr-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations. ### Enhancements diff --git a/ee/ucp/admin/configure/ucp-configuration-file.md b/ee/ucp/admin/configure/ucp-configuration-file.md index 78ce30c8a5..5e38256f03 100644 --- a/ee/ucp/admin/configure/ucp-configuration-file.md +++ b/ee/ucp/admin/configure/ucp-configuration-file.md 
@@ -31,16 +31,22 @@ Specify your configuration settings in a TOML file. Use the `config-toml` API to export the current settings and write them to a file. Within the directory of a UCP admin user's [client certificate bundle](../../user-access/cli.md), the following command exports the current configuration for the UCP hostname `UCP_HOST` to a file named `ucp-config.toml`: -```bash -curl --cacert ca.pem --cert cert.pem --key key.pem https://UCP_HOST/api/ucp/config-toml > ucp-config.toml +### Get an authtoken + +``` +AUTHTOKEN=$(curl --silent --insecure --data '{"username":"","password":""}' https://UCP_HOST/auth/login | jq --raw-output .auth_token) ``` -Edit `ucp-config.toml`, then use the following `curl` command to import it back into -UCP and apply your configuration changes: +### Download config file +``` +curl -X GET "https://UCP_HOST/api/ucp/config-toml" -H "accept: application/toml" -H "Authorization: Bearer $AUTHTOKEN" > ucp-config.toml +``` -```bash -curl --cacert ca.pem --cert cert.pem --key key.pem --upload-file ucp-config.toml https://UCP_HOST/api/ucp/config-toml +### Upload config file + +``` +curl -X PUT -H "accept: application/toml" -H "Authorization: Bearer $AUTHTOKEN" --upload-file 'path/to/ucp-config.toml' https://UCP_HOST/api/ucp/config-toml ``` ## Apply an existing configuration file at install time @@ -141,6 +147,8 @@ Specifies whether DTR images require signing. ### log_configuration table (optional) +> Note: This feature has been deprecated. Refer to the [Deprecation notice](https://docs.docker.com/ee/ucp/release-notes/#deprecation-notice) for additional information. + Configures the logging options for UCP components. | Parameter | Required | Description | diff --git a/ee/ucp/kubernetes/storage/use-nfs-volumes.md b/ee/ucp/kubernetes/storage/use-nfs-volumes.md index e344b4a31a..f2561a1ca7 100644 --- a/ee/ucp/kubernetes/storage/use-nfs-volumes.md +++ b/ee/ucp/kubernetes/storage/use-nfs-volumes.md 
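Review bot: The new "Get an authtoken" command sends the admin username and password to `https://UCP_HOST/auth/login` with `--insecure`, so curl skips certificate verification on exactly the request that carries the credentials and returns the bearer token; the removed commands pinned the UCP CA with `--cacert ca.pem`. I would drop `--insecure` and keep the CA check, e.g. `AUTHTOKEN=$(curl --silent --cacert ca.pem --data '{"username":"<username>","password":"<password>"}' https://UCP_HOST/auth/login | jq --raw-output .auth_token)`, and add the same `--cacert ca.pem` to the download and upload commands, which as written depend on the system trust store. The JSON body shows empty `username`/`password` values, presumably placeholders lost in rendering, so visible placeholders should be restored. The unchanged intro sentence still says the following command is run from the client certificate bundle directory and exports the configuration, which no longer matches the token step that now follows it.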
@@ -20,7 +20,7 @@ To mount existing NFS shares within Kubernetes Pods, we have 2 options: - Define NFS shares within the Pod definitions. NFS shares are defined manually by each tenant when creating a workload. - Define NFS shares as a Cluster object through Persistent Volumes, with - the CLuster object lifecycle handled separately from the workload. This is common for + the Cluster object lifecycle handled separately from the workload. This is common for operators who want to define a range of NFS shares for tenants to request and consume. diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index f34629078b..d8b66cd54f 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md @@ -25,7 +25,7 @@ upgrade your installation to the latest release. (2019-05-06) ### Security -* Refer to [Docker Hub Maintenance](https://success.docker.com/article/ucp-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations. +* Refer to [UCP image vulnerabilities](https://success.docker.com/article/ucp-image-vulnerabilities) for details regarding actions to be taken, timeline, and any status updates/issues/recommendations. ### Bug Fixes * Updated the UCP base image layers to fix a number of old libraries and components that had security vulnerabilities. diff --git a/machine/get-started.md b/machine/get-started.md index 9177a9bf1c..45d0e147da 100644 --- a/machine/get-started.md +++ b/machine/get-started.md @@ -7,7 +7,7 @@ title: Get started with Docker Machine and a local VM Let's take a look at using `docker-machine` to create, use and manage a Docker host inside of a local virtual machine. -## Prerequisite Information +## Prerequisite information With the advent of [Docker Desktop for Mac](/docker-for-mac/index.md) and [Docker Desktop for Windows](/docker-for-windows/index.md) as replacements for [Docker diff --git a/storage/tmpfs.md b/storage/tmpfs.md index faf1326012..a7ffe16b90 100644 
--- a/storage/tmpfs.md +++ b/storage/tmpfs.md @@ -29,7 +29,7 @@ persist in either the host or the container writable layer. containers. * This functionality is only available if you're running Docker on Linux. -## Choosing the --tmpfs or --mount flag +## Choose the --tmpfs or --mount flag Originally, the `--tmpfs` flag was used for standalone containers and the `--mount` flag was used for swarm services. However, starting with Docker diff --git a/swarm/configure-tls.md b/swarm/configure-tls.md index eb18596ade..3034ce94ad 100644 --- a/swarm/configure-tls.md +++ b/swarm/configure-tls.md @@ -543,7 +543,7 @@ do this for the `ubuntu` user on your Docker Engine client. Congratulations! You have configured a Docker swarm cluster to use TLS. -## Related Information +## Related information * [Secure Docker Swarm with TLS](secure-swarm-tls.md) * [Docker security](/engine/security/security/) From 3556d6df16ac8f33e351982e1ac658d8219a0541 Mon Sep 17 00:00:00 2001 From: Maria Bermudez Date: Sun, 12 May 2019 20:02:12 -0700 Subject: [PATCH 07/15] Update link to DTR --- registry/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/registry/index.md b/registry/index.md index 89f6abf4c8..8d48990954 100644 --- a/registry/index.md +++ b/registry/index.md @@ -38,7 +38,7 @@ free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more). Users looking for a commercially supported version of the Registry should look -into [Docker Trusted Registry](/datacenter/dtr/2.1/guides/index.md). +into [Docker Trusted Registry](/ee/dtr/). ## Requirements From da6c0eb2c485fc6206be7a9d2b9cba9cbf415e8f Mon Sep 17 00:00:00 2001 
From: Maria Bermudez Date: Tue, 14 May 2019 17:47:08 -0700 Subject: [PATCH 08/15] Sync published with master (#8800) * Interlock link fixes (#8798) * Logging driver 920 (#8625) --- _data/toc.yaml | 4 + config/containers/logging/configure.md | 28 +++++- config/containers/logging/dual-logging.md | 114 ++++++++++++++++++++++ config/containers/logging/json-file.md | 17 ++-- config/containers/logging/local.md | 52 ++++++---- ee/ucp/interlock/deploy/production.md | 2 +- ee/ucp/interlock/usage/index.md | 3 +- 7 files changed, 183 insertions(+), 37 deletions(-) create mode 100644 config/containers/logging/dual-logging.md diff --git a/_data/toc.yaml b/_data/toc.yaml index fd834bfa11..e9cef0d3f1 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -325,12 +325,16 @@ guides: title: View a container's logs - path: /config/containers/logging/configure/ title: Configure logging drivers + - path: /config/containers/logging/dual-logging/ + title: Use docker logs with a logging driver - path: /config/containers/logging/plugins/ title: Use a logging driver plugin - path: /config/containers/logging/log_tags/ title: Customize log driver output - sectiontitle: Logging driver details section: + - path: /config/containers/logging/local/ + title: Local file logging driver - path: /config/containers/logging/logentries/ title: Logentries logging driver - path: /config/containers/logging/json-file/ diff --git a/config/containers/logging/configure.md b/config/containers/logging/configure.md index f281ed2140..4d44f688c4 100644 --- a/config/containers/logging/configure.md +++ b/config/containers/logging/configure.md @@ -19,7 +19,6 @@ unless you configure it to use a different logging driver. In addition to using the logging drivers included with Docker, you can also implement and use [logging driver plugins](/engine/admin/logging/plugins.md). - ## Configure the default logging driver To configure the Docker daemon to default to a specific logging driver, set the 
@@ -60,7 +59,7 @@ the default output for commands such as `docker inspect ` is JSON. To find the current default logging driver for the Docker daemon, run `docker info` and search for `Logging Driver`. You can use the following -command: +command on Linux, macOS, or PowerShell on Windows: {% raw %} ```bash @@ -146,8 +145,8 @@ see more options. | Driver | Description | |:------------------------------|:--------------------------------------------------------------------------------------------------------------| | `none` | No logs are available for the container and `docker logs` does not return any output. | +| [`local`](local.md) | Logs are stored in a custom format designed for minimal overhead. | | [`json-file`](json-file.md) | The logs are formatted as JSON. The default logging driver for Docker. | -| [`local`](local.md) | Writes logs messages to local filesystem in binary files using Protobuf. | | [`syslog`](syslog.md) | Writes logging messages to the `syslog` facility. The `syslog` daemon must be running on the host machine. | | [`journald`](journald.md) | Writes log messages to `journald`. The `journald` daemon must be running on the host machine. | | [`gelf`](gelf.md) | Writes log messages to a Graylog Extended Log Format (GELF) endpoint such as Graylog or Logstash. | 
@@ -160,6 +159,25 @@ see more options. ## Limitations of logging drivers -The `docker logs` command is not available for drivers other than `json-file` -and `journald`. +- Users of Docker Enterprise can make use of "dual logging", which enables you to use the `docker logs` +command for any logging driver. Refer to +[Reading logs when using remote logging drivers](/config/containers/logging/dual-logging/) for information about +using `docker logs` to read container logs locally for many third party logging solutions, including: + - syslog + - gelf + - fluentd + - awslogs + - splunk + - etwlogs + - gcplogs + - Logentries + +- When using Docker Community Engine, the `docker logs` command is only available on the following drivers: + + - `local` + - `json-file` + - `journald` + +- Reading log information requires decompressing rotated log files, which causes a temporary increase in disk usage (until the log entries from the rotated files are read) and an increased CPU usage while decompressing. +- The capacity of the host storage where docker’s data directory resides determines the maximum size of the log file information. diff --git a/config/containers/logging/dual-logging.md b/config/containers/logging/dual-logging.md new file mode 100644 index 0000000000..2f3d395582 --- /dev/null +++ b/config/containers/logging/dual-logging.md 
@@ -0,0 +1,114 @@ +--- +description: Learn how to read container logs locally when using a third party logging solution. +keywords: docker, logging, driver +title: Using docker logs to read container logs for remote logging drivers +--- + +## Overview + +Prior to Docker Engine Enterprise 18.03, the `jsonfile` and `journald` log drivers supported reading +container logs using `docker logs`. However, many third party logging drivers had no +support for locally reading logs using `docker logs`, including: + +- syslog +- gelf +- fluentd +- awslogs +- splunk +- etwlogs +- gcplogs +- Logentries + +This created multiple problems, especially with UCP, when attempting to gather log data in an +automated and standard way. Log information could only be accessed and viewed through the +third-party solution in the format specified by that third-party tool. + +Starting with Docker Engine Enterprise 18.03.1-ee-1, you can use `docker logs` to read container +logs regardless of the configured logging driver or plugin. This capability, sometimes referred to +as dual logging, allows you to use `docker logs` to read container logs locally in a consistent format, +regardless of the remote log driver used, because the engine is configured to log information to the “local” +logging driver. Refer to [Configure the default logging driver](/configure) for additional information. + +## Prerequisites + +- Docker Enterprise - Dual logging is only supported for Docker Enterprise, and is enabled by default starting with +Engine Enterprise 18.03.1-ee-1. + +## Usage +Dual logging is enabled by default. You must configure either the docker daemon or the container with remote logging driver. 
+ +The following example shows the results of running a `docker logs` command with and without dual logging availability: + +### Without dual logging capability: +When a container or `dockerd` was configured with a remote logging driver such as splunk, an error was +displayed when attempting to read container logs locally: + +- Step 1: Configure Docker daemon + + ``` + $ cat /etc/docker/daemon.json + { + "log-driver": "splunk", + "log-opts": { + ... + } + } + ``` + +- Step 2: Start the container + + ``` + $ docker run -d busybox --name testlog top + ``` + +- Step 3: Read the container logs + ``` + $ docker logs 7d6ac83a89a0 + The docker logs command was not available for drivers other than json-file and journald. + ``` + +### With dual logging capability: +To configure a container or docker with a remote logging driver such as splunk: + +- Step 1: Configure Docker daemon + ``` + $ cat /etc/docker/daemon.json + { + "log-driver": "splunk", + "log-opts": { + ... + } + } + ``` + +- Step 2: Start the container + ``` + $ docker run -d busybox --name testlog top + ``` + +- Step 3: Read the container logs + ``` + $ docker logs 7d6ac83a89a0 + 2019-02-04T19:48:15.423Z [INFO] core: marked as sealed + 2019-02-04T19:48:15.423Z [INFO] core: pre-seal teardown starting + 2019-02-04T19:48:15.423Z [INFO] core: stopping cluster listeners + 2019-02-04T19:48:15.423Z [INFO] core: shutting down forwarding rpc listeners + 2019-02-04T19:48:15.423Z [INFO] core: forwarding rpc listeners stopped + 2019-02-04T19:48:15.599Z [INFO] core: rpc listeners successfully shut down + 2019-02-04T19:48:15.599Z [INFO] core: cluster listeners successfully shut down + ``` + +Note: +For a local driver, such as json-file and journald, there is no difference in functionality +before or after the dual logging capability became available. The log is locally visible in both scenarios. + + +## Limitations + +- You cannot specify more than one log driver. 
+- If a container using a logging driver or plugin that sends logs remotely suddenly has a "network" issue, +no ‘write’ to the local cache occurs. +- If a write to `logdriver` fails for any reason (file system full, write permissions removed), +the cache write fails and is logged in the daemon log. The log entry to the cache is not retried. +- Some logs might be lost from the cache in the default configuration because a ring buffer is used to +prevent blocking the stdio of the container in case of slow file writes. An admin must repair these while the daemon is shut down. diff --git a/config/containers/logging/json-file.md b/config/containers/logging/json-file.md index 913f08d305..c05825f476 100644 --- a/config/containers/logging/json-file.md +++ b/config/containers/logging/json-file.md @@ -13,10 +13,6 @@ and writes them in files using the JSON format. The JSON format annotates each l origin (`stdout` or `stderr`) and its timestamp. Each log file contains information about only one container. -```json -{"log":"Log line is here\n","stream":"stdout","time":"2019-01-01T11:11:11.111111111Z"} -``` - ## Usage To use the `json-file` driver as the default logging driver, set the `log-driver` 
@@ -26,22 +22,20 @@ located in `/etc/docker/` on Linux hosts or configuring Docker using `daemon.json`, see [daemon.json](/engine/reference/commandline/dockerd.md#daemon-configuration-file). -The following example sets the log driver to `json-file` and sets the `max-size` -and `max-file` options. +The following example sets the log driver to `json-file` and sets the `max-size` and 'max-file' options. ```json { "log-driver": "json-file", "log-opts": { "max-size": "10m", - "max-file": "3" + "max-file": "3" } } ``` - -> **Note**: `log-opt` configuration options in the `daemon.json` configuration -> file must be provided as strings. Boolean and numeric values (such as the value -> for `max-file` in the example above) must therefore be enclosed in quotes (`"`). +**Note**: `log-opt` configuration options in the `daemon.json` configuration +file must be provided as strings. Boolean and numeric values (such as the value +for `max-file` in the example above) must therefore be enclosed in quotes (`"`). Restart Docker for the changes to take effect for newly created containers. Existing containers do not use the new logging configuration. 
@@ -65,6 +59,7 @@ The `json-file` logging driver supports the following logging options: | `labels` | Applies when starting the Docker daemon. A comma-separated list of logging-related labels this daemon accepts. Used for advanced [log tag options](log_tags.md). | `--log-opt labels=production_status,geo` | | `env` | Applies when starting the Docker daemon. A comma-separated list of logging-related environment variables this daemon accepts. Used for advanced [log tag options](log_tags.md). | `--log-opt env=os,customer` | | `env-regex` | Similar to and compatible with `env`. A regular expression to match logging-related environment variables. Used for advanced [log tag options](log_tags.md). | `--log-opt env-regex=^(os|customer).` | +| `compress` | Toggles compression for rotated logs. Default is `disabled`. | `--log-opt compress=true` | ### Examples diff --git a/config/containers/logging/local.md b/config/containers/logging/local.md index 708e4a3ee8..dbd9d9974d 100644 --- a/config/containers/logging/local.md +++ b/config/containers/logging/local.md 
@@ -1,46 +1,53 @@ --- -description: Describes how to use the local binary (Protobuf) logging driver. -keywords: local, protobuf, docker, logging, driver +description: Describes how to use the local logging driver. +keywords: local, docker, logging, driver redirect_from: - /engine/reference/logging/local/ - /engine/admin/logging/local/ -title: local binary file Protobuf logging driver +title: Local File logging driver --- -This `log-driver` writes to `local` binary files using Protobuf [Protocol Buffers](https://en.wikipedia.org/wiki/Protocol_Buffers) +The `local` logging driver captures output from container's stdout/stderr and +writes them to an internal storage that is optimized for performance and disk +use. + +By default the `local` driver preserves 100MB of log messages per container and +uses automatic compression to reduce the size on disk. + +> *Note*: the `local` logging driver currently uses file-based storage. The +> file-format and storage mechanism are designed to be exclusively accessed by +> the Docker daemon, and should not be used by external tools as the +> implementation may change in future releases. ## Usage To use the `local` driver as the default logging driver, set the `log-driver` and `log-opt` keys to appropriate values in the `daemon.json` file, which is located in `/etc/docker/` on Linux hosts or -`C:\ProgramData\docker\config\daemon.json` on Windows Server. For more information about +`C:\ProgramData\docker\config\daemon.json` on Windows Server. For more about configuring Docker using `daemon.json`, see [daemon.json](/engine/reference/commandline/dockerd.md#daemon-configuration-file). -The following example sets the log driver to `local`. +The following example sets the log driver to `local` and sets the `max-size` +option. ```json { "log-driver": "local", - "log-opts": {} + "log-opts": { + "max-size": "10m" + } } ``` -> **Note**: `log-opt` configuration options in the `daemon.json` configuration -> file must be provided as strings. 
Boolean and numeric values (such as the value -> for `max-file` in the example above) must therefore be enclosed in quotes (`"`). - -Restart Docker for the changes to take effect for newly created containers. - -Existing containers will not use the new logging configuration. +Restart Docker for the changes to take effect for newly created containers. Existing containers do not use the new logging configuration. You can set the logging driver for a specific container by using the `--log-driver` flag to `docker container create` or `docker run`: ```bash $ docker run \ - --log-driver local --log-opt compress="false" \ + --log-driver local --log-opt max-size=10m \ alpine echo hello world ``` 
@@ -50,6 +57,15 @@ The `local` logging driver supports the following logging options: | Option | Description | Example value | |:------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------| -| `max-size` | The maximum size of each binary log file before rotation. A positive integer plus a modifier representing the unit of measure (`k`, `m`, or `g`). Defaults to `20m`. | `--log-opt max-size=10m` | -| `max-file` | The maximum number of binary log files. If rotating the logs creates an excess file, the oldest file is removed. **Only effective when `max-size` is also set.** A positive integer. Defaults to `5`. | `--log-opt max-file=5` | -| `compress` | Whether or not the binary files should be compressed. Defaults to `true` | `--log-opt compress=true` | +| `max-size` | The maximum size of the log before it is rolled. A positive integer plus a modifier representing the unit of measure (`k`, `m`, or `g`). Defaults to 20m. | `--log-opt max-size=10m` | +| `max-file` | The maximum number of log files that can be present. If rolling the logs creates excess files, the oldest file is removed. **Only effective when `max-size` is also set.** A positive integer. Defaults to 5. | `--log-opt max-file=3` | +| `compress` | Toggle compression of rotated log files. Enabled by default. | `--log-opt compress=false` | + +### Examples + +This example starts an `alpine` container which can have a maximum of 3 log +files no larger than 10 megabytes each. + +```bash +$ docker run -it --log-opt max-size=10m --log-opt max-file=3 alpine ash +``` diff --git a/ee/ucp/interlock/deploy/production.md b/ee/ucp/interlock/deploy/production.md index 0a353b4e8c..61ebc16e20 100644 --- a/ee/ucp/interlock/deploy/production.md +++ b/ee/ucp/interlock/deploy/production.md 
@@ -128,4 +128,4 @@ to provide more bandwidth for the user services. ## Next steps - [Configure Interlock](../config/index.md) -- [Deploy applications](../usage.index.md) +- [Deploy applications](./index.md) diff --git a/ee/ucp/interlock/usage/index.md b/ee/ucp/interlock/usage/index.md index 0a488ccf26..ccdf7bcb33 100644 --- a/ee/ucp/interlock/usage/index.md +++ b/ee/ucp/interlock/usage/index.md @@ -151,13 +151,12 @@ able to start using the service from your browser. ## Next steps - [Publish a service as a canary instance](./canary.md) -- [Usie context or path-based routing](./context.md) +- [Use context or path-based routing](./context.md) - [Publish a default host service](./interlock-vip-mode.md) - [Specify a routing mode](./interlock-vip-mode.md) - [Use routing labels](./labels-reference.md) - [Implement redirects](./redirects.md) - [Implement a service cluster](./service-clusters.md) - [Implement persistent (sticky) sessions](./sessions.md) -- [Implement SSL](./ssl.md) - [Secure services with TLS](./tls.md) - [Configure websockets](./websockets.md) From 596ec6eb9cfa9aa2305140056dab6db95392f609 Mon Sep 17 00:00:00 2001 From: usha-mandya Date: Wed, 15 May 2019 17:48:16 +0100 Subject: [PATCH 09/15] Adding links to Docker for Mac and Windows Community content --- ee/desktop/index.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ee/desktop/index.md b/ee/desktop/index.md index 4aa0d44ee6..5a25ea6821 100644 --- a/ee/desktop/index.md +++ b/ee/desktop/index.md 
@@ -4,7 +4,13 @@ description: Learn about Docker Desktop Enterprise keywords: Docker EE, Windows, Mac, Docker Desktop, Enterprise --- -Docker Desktop Enterprise (DDE) provides local development, testing, and building of Docker applications on Mac and Windows. With work performed locally, developers can leverage a rapid feedback loop before pushing code or Docker images to shared servers / continuous integration infrastructure. +Welcome to Docker Desktop Enterprise. This page contains information about the Docker Desktop Enterprise (DDE) release. For information about Docker Desktop Community, see: + +- [Docker Desktop for Mac (Community)](/docker-for-mac/){: target="_blank" class="_"} + +- [Docker Desktop for Windows (Community)](/docker-for-windows/){: target="_blank" class="_"} + +Docker Desktop Enterprise provides local development, testing, and building of Docker applications on Mac and Windows. With work performed locally, developers can leverage a rapid feedback loop before pushing code or Docker images to shared servers / continuous integration infrastructure. Docker Desktop Enterprise takes Docker Desktop Community, formerly known as Docker for Windows and Docker for Mac, a step further with simplified enterprise application development and maintenance. With DDE, IT organizations can ensure developers are working with the same version of Docker Desktop and can easily distribute Docker Desktop to large teams using third-party endpoint management applications. With the Docker Desktop graphical user interface (GUI), developers do not have to work with lower-level Docker commands and can auto-generate Docker artifacts. From 42ced3f6cd6b605a3086aa61a2682d141d04aaab Mon Sep 17 00:00:00 2001 From: Ulrich VACHON Date: Thu, 16 May 2019 14:02:40 +0200 Subject: [PATCH 10/15] Added Docker Desktop Enterprise 2.0.0.4-ent changelogs Signed-off-by: Ulrich VACHON --- ee/desktop/release-notes.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) 
diff --git a/ee/desktop/release-notes.md b/ee/desktop/release-notes.md index e2c1306551..d55a63cd63 100644 --- a/ee/desktop/release-notes.md +++ b/ee/desktop/release-notes.md @@ -16,6 +16,28 @@ For Docker Enterprise Engine release notes, see [Docker Engine release notes](/e ## Docker Desktop Enterprise Releases of 2019 +### Docker Desktop Enterprise 2.0.0.4 + +2019-05-15 + +- Upgrades + + - [Docker 19.03.0-beta4](https://docs.docker.com/engine/release-notes/) in Version Pack Enterprise 3.0 + - [Docker 18.09.6](https://docs.docker.com/engine/release-notes/), [Kubernetes 1.11.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v11110) in Version Pack Enterprise 2.1 + - [LinuxKit v0.7](https://github.com/linuxkit/linuxkit/releases/tag/v0.7) + +- Bug fixes and minor changes + + - Fix a stability issue with the DNS resolver. + - Fix a race condition where kubernetes would sometimes fail to start after the application is restarted. + - Fix bug on docker-compose failing when user logout after login. See [docker/compose#6517](https://github.com/docker/compose/issues/6517) + - Improve reliability of `com.docker.osxfs trace` performance profiling command. + - Support large lists of resource DNS records on Mac. See [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031) + - Remove the ability to log in using an email address as a username (not supported by the Docker command line) + - Allow running a Docker registry in a container again. Fixes [docker/for-mac#3611](https://github.com/docker/for-mac/issues/3611). + - For LCOW one physical computer system running Windows 10 Professional or Windows 10 Enterprise version 1809 or later is required. + - Add a dialog box during start up when a shared drive fails to mount allowing the user to retry mounting the drive or remove it from the shared drive list. + ### Docker Desktop Enterprise 2.0.0.3 2019-04-26 
From 911e6599e3282bc69da24565cb462cfea6bf4beb Mon Sep 17 00:00:00 2001
From: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
Date: Thu, 16 May 2019 15:02:39 +0100
Subject: [PATCH 11/15] minor updates to the public beta release notes
---
ee/desktop/release-notes.md | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/ee/desktop/release-notes.md b/ee/desktop/release-notes.md
index d55a63cd63..d8a090e71e 100644
--- a/ee/desktop/release-notes.md
+++ b/ee/desktop/release-notes.md
@@ -18,26 +18,26 @@ For Docker Enterprise Engine release notes, see [Docker Engine release notes](/e ### Docker Desktop Enterprise 2.0.0.4 -2019-05-15 +2019-05-16 - Upgrades - - [Docker 19.03.0-beta4](https://docs.docker.com/engine/release-notes/) in Version Pack Enterprise 3.0 - - [Docker 18.09.6](https://docs.docker.com/engine/release-notes/), [Kubernetes 1.11.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v11110) in Version Pack Enterprise 2.1 + - [Docker 19.03.0-beta4](https://docs.docker.com/engine/release-notes/) in Enterprise 3.0 version pack + - [Docker 18.09.6](https://docs.docker.com/engine/release-notes/), [Kubernetes 1.11.10](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v11110) in Enterprise 2.1 version pack - [LinuxKit v0.7](https://github.com/linuxkit/linuxkit/releases/tag/v0.7) - Bug fixes and minor changes - - Fix a stability issue with the DNS resolver. - - Fix a race condition where kubernetes would sometimes fail to start after the application is restarted. - - Fix bug on docker-compose failing when user logout after login. See [docker/compose#6517](https://github.com/docker/compose/issues/6517) - - Improve reliability of `com.docker.osxfs trace` performance profiling command. - - Support large lists of resource DNS records on Mac. See [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031) - - Remove the ability to log in using an email address as a username (not supported by the Docker command line) - - Allow running a Docker registry in a container again. Fixes [docker/for-mac#3611](https://github.com/docker/for-mac/issues/3611). - - For LCOW one physical computer system running Windows 10 Professional or Windows 10 Enterprise version 1809 or later is required. - - Add a dialog box during start up when a shared drive fails to mount allowing the user to retry mounting the drive or remove it from the shared drive list. 
- + - Fixed a stability issue with the DNS resolver. + - Fixed a race condition where Kubernetes sometimes failed to start after restarting the application. + - Fixed a bug that causes Docker Compose to fail when a user logs out after logging in. See [docker/compose#6517](https://github.com/docker/compose/issues/6517) + - Improved the reliability of `com.docker.osxfs trace` performance profiling command. + - Docker Desktop now supports large lists of resource DNS records on Mac. See [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031) + - Users can now run a Docker registry in a container. See [docker/for-mac#3611](https://github.com/docker/for-mac/issues/3611). + - For Linux containers on Windows (LCOW), one physical computer system running Windows 10 Professional or Windows 10 Enterprise version 1809 or later is required. + - Added a dialog box during start up when a shared drive fails to mount allowing the user to retry mounting the drive or remove it from the shared drive list. + - Removed the ability to log in using an email address as a username as it is not supported by the Docker command line. + ### Docker Desktop Enterprise 2.0.0.3 2019-04-26 From cf1ebc0f046da1c5343ebd4e5d57d62691307143 Mon Sep 17 00:00:00 2001 From: paigehargrave Date: Thu, 16 May 2019 11:14:53 -0400 Subject: [PATCH 12/15] gMSA info (#1074) * Added gMSA note. * Added gMSA bullet * Added gMSA info * Changes per Drew's feedback * Updates per Drew's feedback * Moved content per feedback * Moved content per feedback * Updates per Drew's feedback * Update per feedback --- compose/compose-file/index.md | 18 ++++++++++++++++- engine/swarm/configs.md | 4 ++++ engine/swarm/secrets.md | 1 - engine/swarm/services.md | 38 +++++++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/compose/compose-file/index.md b/compose/compose-file/index.md index 35694eb04c..00691a9dd2 100644 --- a/compose/compose-file/index.md 
+++ b/compose/compose-file/index.md @@ -529,7 +529,7 @@ an error. ### credential_spec -> **Note**: this option was added in v3.3. +> **Note**: This option was added in v3.3. Using group Managed Service Account (gMSA) configurations with compose files is supported in Compose version 3.8. Configure the credential spec for managed service account. This option is only used for services using Windows containers. The `credential_spec` must be in the @@ -558,6 +558,22 @@ credential_spec: registry: my-credential-spec ``` +#### Example gMSA configuration +When configuring a gMSA credential spec for a service, you only need +to specify a credential spec with `config`, as shown in the following example: +``` +version: "3.8" +services: + myservice: + image: myimage:latest + credential_spec: + config: my_credential_spec + +configs: + my_credentials_spec: + file: ./my-credential-spec.json| +``` + ### depends_on Express dependency between services, Service dependencies cause the following diff --git a/engine/swarm/configs.md b/engine/swarm/configs.md index a739122e39..3732e3dd2f 100644 --- a/engine/swarm/configs.md +++ b/engine/swarm/configs.md @@ -43,6 +43,10 @@ examples below. Keep the following notable differences in mind: UID, GID, and mode are not supported for configs. Configs are currently only accessible by administrators and users with `system` access within the container. + +- On Windows, create or update a service using `--credential-spec` with the `config://` format. +This passes the gMSA credentials file directly to nodes before a container starts. No gMSA credentials are written +to disk on worker nodes. For more information, refer to [Deploy services to a swarm](/engine/swarmservices/). ## How Docker manages configs diff --git a/engine/swarm/secrets.md b/engine/swarm/secrets.md index e52c644220..0c17032c6e 100644 --- a/engine/swarm/secrets.md +++ b/engine/swarm/secrets.md 
@@ -73,7 +73,6 @@ examples below. Keep the following notable differences in mind: accessible by administrators and users with `system` access within the container. - ## How Docker manages secrets When you add a secret to the swarm, Docker sends the secret to the swarm manager diff --git a/engine/swarm/services.md b/engine/swarm/services.md index 8e5e0f3f48..3f8cacd1ca 100644 --- a/engine/swarm/services.md +++ b/engine/swarm/services.md 
@@ -94,6 +94,44 @@ This passes the login token from your local client to the swarm nodes where the service is deployed, using the encrypted WAL logs. With this information, the nodes are able to log into the registry and pull the image. +### Provide credential specs for managed service accounts + + In Enterprise Edition 3.0, security is improved through the centralized distribution and management of Group Managed Service Account(gMSA) credentials using Docker Config functionality. Swarm now allows using a Docker Config as a gMSA credential spec, which reduces the burden of distributing credential specs to the nodes on which they are used. + + **Note**: This option is only applicable to services using Windows containers. + + Credential spec files are applied at runtime, eliminating the need for host-based credential spec files or registry entries - no gMSA credentials are written to disk on worker nodes. You can make credential specs available to Docker Engine running swarm kit worker nodes before a container starts. When deploying a service using a gMSA-based config, the credential spec is passed directly to the runtime of containers in that service. + + The `--credential-spec` must be one of the following formats: + + - `file://`: The referenced file must be present in the `CredentialSpecs` subdirectory in the docker data directory, which defaults to `C:\ProgramData\Docker\` on Windows. For example, specifying `file://spec.json` loads `C:\ProgramData\Docker\CredentialSpecs\spec.json`. +- `registry://`: The credential spec is read from the Windows registry on the daemon’s host. +- `config://`: The config name is automatically converted to the config ID in the CLI. +The credential spec contained in the specified `config` is used. 
+ + The following simple example retrieves the gMSA name and JSON contents from your Active Directory (AD) instance: + + ``` +name="mygmsa" +contents="{...}" +echo $contents > contents.json +``` +Make sure that the nodes to which you are deploying are correctly configured for the gMSA. + + To use a Config as a credential spec, create a Docker Config in a credential spec file named `credpspec.json`. + You can specify any name for the name of the `config`. + +``` +docker config create credspec credspec.json +``` + +Now you can create a service using this credential spec. Specify the `--credential-spec` flag with the config name: +``` +docker service create --credential-spec="config://credspec" +``` + + Your service uses the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec is not mounted into the container. + ## Update a service You can change almost everything about an existing service using the From 87535cb64bef537af3e562514e69ffa981e7d338 Mon Sep 17 00:00:00 2001 From: Usha Mandya <47779042+usha-mandya@users.noreply.github.com> Date: Thu, 16 May 2019 17:51:52 +0100 Subject: [PATCH 13/15] Update release-notes.md --- ee/desktop/release-notes.md | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/ee/desktop/release-notes.md b/ee/desktop/release-notes.md index d8a090e71e..dab2f47196 100644 --- a/ee/desktop/release-notes.md +++ b/ee/desktop/release-notes.md 
@@ -32,11 +32,11 @@ For Docker Enterprise Engine release notes, see [Docker Engine release notes](/e - Fixed a race condition where Kubernetes sometimes failed to start after restarting the application. - Fixed a bug that causes Docker Compose to fail when a user logs out after logging in. See [docker/compose#6517](https://github.com/docker/compose/issues/6517) - Improved the reliability of `com.docker.osxfs trace` performance profiling command. - - Docker Desktop now supports large lists of resource DNS records on Mac. See [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031) + - Docker Desktop now supports large lists of resource DNS records on Mac. See [docker/for-mac#2160](https://github.com/docker/for-mac/issues/2160#issuecomment-431571031). - Users can now run a Docker registry in a container. See [docker/for-mac#3611](https://github.com/docker/for-mac/issues/3611). - For Linux containers on Windows (LCOW), one physical computer system running Windows 10 Professional or Windows 10 Enterprise version 1809 or later is required. - - Added a dialog box during start up when a shared drive fails to mount allowing the user to retry mounting the drive or remove it from the shared drive list. - - Removed the ability to log in using an email address as a username as it is not supported by the Docker command line. + - Added a dialog box during startup when a shared drive fails to mount. This allows users to retry mounting the drive or remove it from the shared drive list. + - Removed the ability to log in using an email address as a username as this is not supported by the Docker command line. ### Docker Desktop Enterprise 2.0.0.3 
@@ -61,19 +61,14 @@ For Docker Enterprise Engine release notes, see [Docker Engine release notes](/e - Upgrades - [Docker Compose 1.24.0](https://github.com/docker/compose/releases/tag/1.24.0) - - [Docker Engine 18.09.5](https://docs.docker.com/engine/release-notes/), [Kubernetes 1.11.7](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.11.md#v1117) and [Compose on Kubernetes 0.4.22](https://github.com/docker/compose-on-kubernetes/releases/tag/v0.4.22) for Version Pack Enterprise 2.1 - - [Docker Engine 17.06.2-ee-21](https://docs.docker.com/engine/release-notes/) for Version Pack Enterprise 2.0 - Bug fixes and minor changes - For security, only administrators can install or upgrade Version Packs using the `dockerdesktop-admin` tool. - - Truncate UDP DNS responses which are over 512 bytes in size - - Fixed airgap install of kubernetes in version pack enterprise-2.0 - - Reset to factory default now resets to admin defaults - Known issues @@ -91,7 +86,6 @@ For Docker Enterprise Engine release notes, see [Docker Engine release notes](/e Upgrades: - Docker 18.09.3 for Version Pack Enterprise 2.1, fixes [CVE-2019-5736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736) - - Docker 17.06.2-ee-20 for Version Pack Enterprise 2.0, fixes [CVE-2019-5736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736) Bug fixes and minor changes: @@ -110,7 +104,6 @@ New features: Upgrades: - Docker 18.09.3 for Version Pack Enterprise 2.1, fixes [CVE-2019-5736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736) - - Docker 17.06.2-ee-20 for Version Pack Enterprise 2.0, fixes [CVE-2019-5736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736) Bug fixes and minor changes: From de484334b6d79ff0c4301a5e2f6e05ba515bb688 Mon Sep 17 00:00:00 2001 
From: Maria Bermudez Date: Thu, 16 May 2019 10:02:03 -0700 Subject: [PATCH 14/15] Update release notes Public beta --- ee/dtr/release-notes.md | 59 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/ee/dtr/release-notes.md b/ee/dtr/release-notes.md index 362bad8d26..84f3a5b4e8 100644 --- a/ee/dtr/release-notes.md +++ b/ee/dtr/release-notes.md 
@@ -15,10 +15,69 @@ known issues for each DTR version. You can then use [the upgrade instructions](admin/upgrade.md), to upgrade your installation to the latest release. +* [Version 2.7](#version-27) * [Version 2.6](#version-26) * [Version 2.5](#version-25) * [Version 2.4](#version-24) +# Version 2.7 + +## 2.7.0-beta4 +(2019-5-16) + +### New Features + +* **Web Interface** + + * Users can now filter events by object type. (docker/dhe-deploy #10231) + * Docker artifacts such as apps, plugins, images, and multi-arch images are shown as distinct types with granular views into app details including metadata and scan results for an application's constituent images. [Learn more](https://beta.docs.docker.com/app/working-with-app/). + * Users can now import a client certificate and key to the browser in order to access the web interface without using their credentials. + * The **Logout** menu item is hidden from the left navigation pane if client certificates are used for DTR authentication instead of user credentials. (docker/dhe-deploy#10147) + +* **App Distribution** + + * It is now possible to distribute [docker apps](https://github.com/docker/app) via DTR. This includes application pushes, pulls, and general management features like promotions, mirroring, and pruning. + + +* **Registry CLI** + + * The Docker CLI now includes a `docker registry` management command which lets you interact with Docker Hub and trusted registries. + * Features supported on both DTR and Hub include listing remote tags and inspecting image manifests. + * Features supported on DTR alone include removing tags, listing repository events (such as image pushes and pulls), listing asynchronous jobs (such as mirroring pushes and pulls), and reviewing job logs. [Learn more](https://beta.docs.docker.com/engine/reference/commandline/registry/). + +* **Client Cert-based Authentication** + + * Users can now use UCP client bundles for DTR authentication. 
+ * Users can now add their client certificate and key to their local Engine for performing pushes and pulls without logging in. + * Users can now use client certificates to make API requests to DTR instead of providing their credentials. + +### Enhancements + +* Users can now edit mirroring policies. (docker/dhe-deploy #10157) +* `docker run -it --rm docker/dtr:2.7.0-beta4` now includes a global option, `--version`, which prints the DTR version and associated commit hash. (docker/dhe-deploy #10144) +* Users can now set up push and pull mirroring policies via the API using an authentication token instead of their credentials. (docker/dhe-deploy#10002) +* DTR is now on Golang `1.12.4`. (docker/dhe-deploy#10274) +* For new mirroring policies, the **Mirror direction** now defaults to the Pull tab instead of Push. (docker/dhe-deploy#10004) + + +### Bug Fixes + +* Fixed an issue where a webhook notification was triggered twice on non-scanning image promotion events on a repository with scan on push enabled. (docker/dhe-deploy#9909) + + +### Known issues + +* **Registry CLI** + + * `docker registry info` throws an authentication error even after the user has authenticated to the registry. (ENG-DTR #912) + +### Deprecations + +* **Upgrade** + + * The `--no-image-check` flag has been removed from the `upgrade` command as image check is no longer a part of the upgrade process. + + # Version 2.6 ## 2.6.6 From 536a95144ff0a5d749d51f9077084158682b3938 Mon Sep 17 00:00:00 2001 
From: paigehargrave
Date: Thu, 16 May 2019 13:20:09 -0400
Subject: [PATCH 15/15] iSCSI info (#1075) * Added raw content * Added iscsi options * Added iSCSI entry * Images * Clean up * Updates per feedback * Updates per Anusha * Update to iscsi parameter * Added updates per Deep's feedback * Updates per Deep's feedback * Updated iSCSI parameter description
---
 _data/toc.yaml | 4 +-
 .../admin/configure/ucp-configuration-file.md | 9 +
 ee/ucp/images/ext-prov-arch.png | Bin 0 -> 139576 bytes
 ee/ucp/images/in-tree-arch.png | Bin 0 -> 121582 bytes
 ee/ucp/kubernetes/storage/use-iscsi.md | 299 ++++++++++++++++++
 5 files changed, 311 insertions(+), 1 deletion(-)
 create mode 100644 ee/ucp/images/ext-prov-arch.png
 create mode 100644 ee/ucp/images/in-tree-arch.png
 create mode 100644 ee/ucp/kubernetes/storage/use-iscsi.md
diff --git a/_data/toc.yaml b/_data/toc.yaml
index ab5da67d16..47b9d18b92 100644
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@@ -1478,7 +1478,9 @@ manuals:
 - title: Use NFS storage
 path: /ee/ucp/kubernetes/storage/use-nfs-volumes/
 - title: Use AWS EBS Storage
- path: /ee/ucp/kubernetes/storage/configure-aws-storage/
+ path: /ee/ucp/kubernetes/storage/configure-aws-storage/
+ - title: Configure iSCSI
+ path: /ee/ucp/kubernetes/storage/use-iscsi/
 - title: API reference
 path: /reference/ucp/3.1/api/
 nosync: true
diff --git a/ee/ucp/admin/configure/ucp-configuration-file.md b/ee/ucp/admin/configure/ucp-configuration-file.md
index 61e97e5e21..cd831c35ee 100644
--- a/ee/ucp/admin/configure/ucp-configuration-file.md
+++ b/ee/ucp/admin/configure/ucp-configuration-file.md
@@ -209,3 +209,12 @@ components. Assigning these values overrides the settings in a container's *dev indicates that the functionality is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the Docker Enterprise Software Support Agreement. + +### iSCSI (optional) +Configures iSCSI options for UCP. + +| Parameter | Required | Description | +|:------------------------|:---------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--storage-iscsi=true` | no | Enables iSCSI based Persistent Volumes in Kubernetes. Default value is `false`. | +| `--iscsiadm-path=` | no | Specifies the path of the iscsiadm binary on the host. Default value is `/usr/sbin/iscsiadm`. | +| `--iscsidb-path=` | no | specifies the path of the iscsi database on the host. Default value is `/etc/iscsi`. | 
diff --git a/ee/ucp/images/ext-prov-arch.png b/ee/ucp/images/ext-prov-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..017c0549c27de311bcbe093b6633e829d07b2f8b GIT binary patch literal 139576 zcmeFZWpo_Pk|r!>vY45fvBfNl!D43HVrFJ$W|qZZNfxsuwV0V%7Iceo{oXq>JNtd} zZ~tzeQ>QBL^uZSyUuKBnSuyRCzfmbqEOPzX#+N0^DCp(u82#-!DiP zby*3Bx+&t*zYRo3Ib9bB2xP2(4oHaXT>QTby0)4+t~yGJg60l(tfm$YW|pj;c8-6! zAs_&rf`3o#EL}~>J?*~Ry9jy;Q~rxX@bCFQWHw6jf3diJ6Q*XKOYN0RaIvc1|`ZZd#H~n*;uXz&%IkL9)apaN&+%54&?%yi zeK+u6g{7x|B3#8DEg0~L8g=@I8~-lRwerX-HiVf z{6lV4mKb_%Gfm)^Eh?#Nr|6c_E^wv;XzWk5y@M)pGBoWe@@c#Or!2bgd`hPP2 z|AG5&m&pJ1FDG`(zK<^SJX=C3d$Wz8q5wd8{Nsgl?KXtqP#vg!KdKuFv97=J3DCa| zpL<0`J$ED$-33?vU=d%x_3+MjqB8aIF6)r!ARCxPpfnWT|3Y*k8{3;A2qD@qX!SjbzPkZQ)W!DrAw!PXO=>k1c19qcpekw-IK|=7%Z~! zD8PArDaG%p)O5r0rpiq~dZmmmAazufw|NZ?5%aekp+mlp6;{N``%i5Ak0O|;Gh2&v z8EnjHVSU?enq=5lI{w)p<4rv(l`eHw0{KQ~{>ttZ%x;^3gkHbuQo7N+>qdWO*Mf6f zezQm)k8RTqy#1!09?9YoSvUtm_`W`;jqLy_PIiC$Ulzeb!&0zaqVxWVi?4sSeJq#X zWuju@mb`{%@WVv5*H-C1R~(MffIm}Rg2OB9R+s4?gxh4BlFi`mt#=l}o-RVP71N6^ zsNpq&Nz5*}Zm+@Lj|7w#SAGnHrL?V+)JeT;{Oh@t%Lt>KO=$_!M2q0G{W5Hy^fX2( z+;3(O`8D}85xIP1LMcNTBZv}*qXId}uu|5VYaU6ffa`%E>m0#WaDmDASymwX(;t<| zu?d%|g@wDZ&}0Nc7RuNI)&(;ov9xiaQauI47 zY|u>9gel2>`BL^23QrC>K~1#j!cy$G$JXWhKV5^Ilg`j$QR!tu5MRF2#kbz_dtHU? 
zYbKf9Vs-T4NF6%8m12Gj#KU!*%P+8D0fsswBfP}!UB^`HW1O(7YLx$x8FHus5N!g0SS&tGpaAZ6r@IxH0Gs7Ez| zns=qh`*3z%YjnnfDBZBPyFq%CFbRu~c(S{+1BrwQ_Ck!xQ<4Q|w@7lPbInRhEyndf z(v0hC(gLTt;#;4xl&3RyJCsxVF-AyFd_*a*fP!H1Dcs_INSx~9Xa19l0{y&~eH z(Q)SMWRYoQ8&1!;AKei&kV0Ccm}bT7+Hp}C$W42t!Zs9ixaM|R8*;N85x@=`?bQ_q zq6eN+<@Sn)Z?nWPvzZ_1N|PBnpz&sU{QT$VciO7TE6wM;`5%=qXVON>OsN~OFj+#Z z=gievG>iY5PO135MyKT8V2@B<1eMK9)%7@TAvy1H-&AiO%19wOUTCANw0mKmKhCQO z%OGsnW7(7rcB`)#3ej)2$8~hhlU|XtXjY?~4JWK<_ocC-mk=X^d)Mlx*eZS$P3NlaK zaV66wvg#PNYpdT0;o;>qMlUozi0_E#NTNpn^t1iDEy(?hkn1YVh}qCS7xlqY`B0aXSv(01aHAFC zljxHrmqaB?$l4(TX-c#3=vkS#^`K)F$$pv3T?e2nXV4caiV8CtgneqD%qoO0%dq_A z^#TTka9Zd!@k?31Wkzq0-6~!m+vbP9yIwnC$2ks^CZx0Lgibvjh{VYVjhG#_!{h7_ z5D!C0JHraF5Hc;+3WF}56`p1+Q?3_op>Z?@Fpfr3-ptr(2_tpMFKJyuL=nMl(cq<0 zKBo}Tkcs!sv$IlIj_PC?N{B@(%~BFmGWse_>X*-2F- z@Z15IPkDxm<}LrmQlXfc@O+(wT}A1v@5X8*^rIF$xijWZ${IR6rexx13Ghe1r?$zD zm?)UW(SJxd!ZTCER~+261d*|Jhx@1aS5Cj(MTiBTzDN#-yD|GPrY0km>I1w?UW-n6 z?5xj3@w>P9WAQd>-kT&II)WC$0tQ&Cd?_l4D^OJ4SwF4v)7?Lz7mCtJRW+4Q{;`_& z6)gH*zGG01sP0sN2)D%GXy~zzV zHG>^-EB#O7?5jk z&TmR4K>4SU9opqsiZn8TI#Zrg(*VR7PM>WV=yFf)fV3)8$3?@v2dTt@9}MP-?E_SF z$hm1`xZd~ij>Q!q6}6HJi;%ONn~pC>UXrCGJm_9~XwVj9NCu86#%sY74=U-eZqV5A z|Bw=F(!in?8s?Zpl+9sSF7gSrr`Fv6E~f2KfD|J|k9*A6&l=?jp8Jt5$nRPA8Iz^M3yejYuBClZAB5#GuBiRxJ8 zfRx9|>HW69Z(^Q7ZANT0Fcygjr_X|1>ByA=R;D{95tB9&tDx?v+Tx~FN%?G1U^SZL z<@|64k!$Z-R9h)_Y)z{`n7hiJ>Hqt<)b#8`@rm>u6(`mO>Cl)yFsE@tS{9dZR6BBmvP{H%CQyfeEQQ(H?8@a;yJ)(sD#m`6nk=f$dO{b5X~*V)qB%r#=t7zLJb zHaKaVBt|t}avx2+5EmA_nGU4_M)rYH0)%0_de0{?0u+texx*tlchsn#p3mYJ;QM<8 z@T|`=U7NW6{7F0q!uI>-gOy8t{UMU>gZ}y>j>;4}8G$O2t^D1=Y`=lA{F}l%#EN;R z^gXw`vFd;?XS{!^GJ4-Dpavqg_wnfXIlJ0`45?vQB#^ZP3IlJ~Vr~e*M%IS(;_#ZSA8$kPhBQv+Dsm{!fozRuV%tJ@HYtZQuIb z>h*LO=Vh&byQe<%MQ?&87u}lfHNX~Aj|N_k+ntu+es_7u67V%E9ZN$N61tl<8!6Q~ zTFdXZk2M;$t8YoiLTI0f&-~@}V!Ldee;RzG->4%5^^Z2_@CRos)#6NoF4h!QL#EwO zg`1FcntopJYZMg%|1OrZUh+*gdO^%#c>$QIjDKzOsD|?3eUR|<`{v$N^LD}MS#q9s z1!&j3T%9Ag#EAArRkh#uXmJyGgE-Ciu9e`uv=24Gi==xo7kXZJMO<}W^`aT@zkk4c 
z_)TUkLXM|0ol?KeK0gMXwqP|>K!}k2A@$+uXPx(5{6lAUsUn(~BPUGjLYIG?r-xpN zHIqjn&&Vb~D?2xBlBbjKAZrnxnjsQ*k1!7HZI-Fxaf(}wzWt@jZf;{W#{a7371LpE zb8eN*!B~fq#%m0eW9=@-oX?S2H(h{@rrSF)&6NIxMFLM;{)X?6^YcS|Rcn@#X!e~b z(K;fh->Y&0B{M7yr+hs56gE45e>j7*rO}~&%ZMqV*B!&?#Z1%2!Z`!m*QKUJ|!9}V~R(1-x#;Em#bThKnuBp(Yt>ao* zRjvM|w|B&lq>0EL5IU;OJ^n6;q4tn{q8dtE7Kw|*5GIu?5K&?S~y#PI%Hc7IZVFV3wrg1D-Wup9O+|7ZIPC$p*?4?PWm`#5o z=YZ{Fi!F;?t1PRrt&Z5^cFlu}nC8%uT7m7zL(r$+J%1_(GPGSZ@*A=uGl!n0EuVFn zVu9I~ZhlkHsGWo!B8 z@)$A^qou56XN~=38VL-HDd+PmRPMLDNUt*`8$Q9~qBadlto<3?F*%@s!Ojk2B_4dw z@-}@1{1$}}`zUcg6ayaNgJ#==F-L?mT@1H3^r)~$MSZUcGcGKq>$}&xJqptM&Qb$m=6#;0iUONXWPvf>4z>wE*WhoRGmfwSq3eVU7JMN<|g{O&)NIk*Y zU*|fePav+(R;%>H#)OFWs>0rwzQkFh3=fNyASnwXrBJTbyzC<2GaL5Z)5TiJ*mh}On6b(5imcQFAMiN;sJQ&SVGh%BHw9@z5I6rAG%k zVSRdAv;<8dkA9}idr&MO4HBfiA@Jx5hQXj( zYarTjPT|r2dKf>-2=852!n`>{XWVHD!1t9tE;YEFDM7tuVFrrgmX4P@7c3 zc)t<%XXMB(nJ=B)^%@@{6jqo)UA#+K2PD*u;mNu2i#F`I>$43ZXj%0Qj%zHRSu0W{j>z_`wf~dkQ_w=p6JujKFqnPpQuuc>V^iN^I zq$Go{CrOi_&0};y62yHGbnaMKRAAWTt*cK0VDjc?^_PQ2L+9!Bkug+a2UUqT?%0{U zg?d1XEHx~?6NV?Wb^o|XhpT%K0N!O9{oOl8?n^9oQE!6uE$Pfd=ZO8&X0`VdTIi4I z9`o=L=0e}RuVU=$wNOHYqK_|DPs7!O@a6|O^MGV_tDmV=Y#Pk74h;2N}x|+n20L zNxz?_ZOjH@h|t0A(zieS;)Lh6Ty*f9P`YDZug9T53%o7TNQC1t9MydSwl@oaRgFbP z%k3w0S`(nPYNA*}`k?R1)f&6D@b!jr$06bZ$$s2h%3Iw^o`=reXwc-oPvCCAR|`;O z9%$b~QEik%S)c#Ww%qhx6)`NFv9lU|O#8iE=F<0<0X2aT`*)^P7Z_4q(v@W@^g`ng zQ@7UFJ9Dt5qIfm&2tR(*!(Cj&OhNy*5p!SXANtUuv-~yR?AQQA@oC+yBuxhyKWNZ# zkd&PnZzC}5<^Ah195 z5(7i0Ey-u6zergaPJbeMscHTWMFRT;|U_Xg{d8$9rTJV3*C)WMaI)06g*;-hXx^WxxS6Q=EBC0SKq`@ZNA z93^`Hf~pQN%!$ktV}N~3NGnN@DM7f`^|M~d|K`N%>0K6=k&UMlLd(Rc;PKB_FHh)H zeovo4?`lr?r375t(xfA&F$fVXfNtQkz9(Gn{-*p{(SYJ>fRL_8Z~eCToH zbMLj6XeKl=dcO}Uyghsw51(dT_(gw2E(0dTVM3nSUT=rkg_|35Y9iG*=lH_K7TW&HGwuuJ-d*HIf1LK6nCz2Rg3$W!KL?2QzNoY+4g>tTMV9Pbq{Lc0 zU(I_g``F>|ozv~?&(kI@4On_#Oe%bLlA{zv!9>iCifR3)K$0ItQsh7xvWhVhOHcgN zZ|jPIf%&ms=66Bv9e*Cq5BgQu7B}5TwC5dekEJtxQ0sSH;0~1vlghm}vZ@D(mAlo6 zBFV!M==Jp2%hQfcIFf=qXJYS;KJ;l+?E3L{0I{C26aHgiaPcJf3?cAI2NLUdqTA%# 
zvH`DG->l&-@(H)Vpmajr=a^Qx4Z3*_hXzBpI*FbO<6LV;MO|8xGbtX|nz!#-t*y->xFj1^3&&fczRL4UA*uj%)390e@o52ptVIE~lsT*H!_>wdKRr`V7;EU%2}TMkZP})&RcC%crWQlAh0` zewof<3Bb`V5Fv3$X2&RVy8qGTB1r$XzyI;o#$!u-Nnv#I;d?sE3dhID%aHKUvG24e>x1pe?c>gBeJJO|CFF7=w=dqqihEfeXJmMx&JQ$fZSa$MlOJirhfW zi=GnR6urQYYHW+dAYzGJv>{V~n^(-AM|tTg_1v^Vs4;v5C@W4h?HkRlDk$kNU~~}h zylo}#X>)?7sgPe>Z{rnx7nXo++SAVVGzHoOA0R%^l%_nxSx>Fz-_Rv->Gk!Sm{VyG zle<9~_sx_1n$S%XG|J%>TgHT54U%#wqI{>bm*`=2Y2dMYn4HS)8yN-yUy!Y4$csBf zy-{Fv<#R%?5)~*1p}B_4&US859&_}04*ReZ-99;jk7v9~?Pl)cNM$#~Z4+(2r76Z1?ef=1YvB z>?J2BV;W=d{&0$&S{VPn^Zo%H+n3)79~un%Nc&|`B%khhgJK_X3YHl2jT=ko`;Ot7ZQC>GaFAXWS72*hUqEsQPUfZxUlOzeklxCTD{U#q z>mrg(p|m~tW;ZY`GyPSH8W3%Z8s)jMA+&Il5|$=ea=buf`<#u&QlGpatz12Nb!d`(3&JC z7E*9g#tMWx!{`f3VH=|PukEsow-D?4qg~b(l~=D$K*!hKuT9EEcaz?c zSYv;9*L=C0EYMrkVXE=ahA7_hXrd$K$kYXC?;u3A@T2u8P%`=Gv`Q1Bi1=znF@wP% zcHr1Md#jk3OBNG-P9L7o+8pwnY$a$*Z|mf*|1V2DwOu;6kXGPL0xd!i;g=;ub)ae>9Gg%t;qUv3^}wOO+b3bM~qM|6czBH)0Qr+P8KZvICa0 z09hN;6nuPgM-2c|yElKz^*+;n8U35y;UE3PUmKl@u0JSzJ%;%EmFub^-7=^CS>Cb? 
zI|cNaXLBxelM2`j+B5ooY<@a@LCa2gY!2MxgzMCcxY<8E@?VX}B1E=>1at3ai-~<{ zlfbFE92}?`e81Nk%!Q}5Z+7%hL&fi)$Y8RGqxThr31MSpN~Gcc(T}4*<;gznJyf8V zNZv;ER{l0wnImtffbvQ`wxP5Vlh=atVhRUM6Ako=wCGXH6uS8>)h+5}RJS3>qrun@ z(Z$WdnI#LAK}3Pw+VZUAyR`2+HQg_FBo=tLly=IXv%$|`C?YI6O=pt5hQY_!o+5tr z`DOiX18zcq3rY?3yNigEU~g5B48e88UHOb6R~~+#%y*?ivC)}0t%GfmPFWZsk%;Ta zU{n{LkM@%5S>07vm{vg`l<=}EvoKm1 zq4GGsifGM=H<}3rAFW4Zk|al=Wik1JUtY1VS|kirMTFL_uR_0G1fd39Of52aKsDje z%z;zJR?JYOnO#K$z@mYNO^lNFi@ON8%0JOg%yg3Tzyo7Jc8VUKuN!aWvF7Gto02eE$mqJb)*5C6)VW z-(l{v!D_u8#Wjv8-Z4|cRj2^Xl)Iz0ZDOB5EynmDl+t((>KnVt)S08jjNMSGd&1DEyD~W!j4MLKF-ZS4LjGb^ZJf9j)YaT-_k$r z&Ucm}4v5fA6p`=RPko84PbebWjumiLiM+S^Txk}{vckfjAV?niL#Ti%0ELD}d>f`p zgp~W~8%`$Hc_ZQ9TV255x7o_iUbP<7eqXd2vab!9=H9R`%EHex%(riB1qod3_zs%E znefmz2LNHj@#VOLtMoU=%)KsGvyBJ95yQovkm9UZ-I+W05yLa-5&wKgUXXuknqh+S)L7ZpRKgEa%U=?~n z^%;kUk}X&Al!zNinw5*vY_Be2+JKKYpnn!Y@U%wOfds|V>r-ZqKzuhK&DWoh{eu|z z&UX=Z`Zu#z{M%`1jP{?Bjwu5eAi!IX!L{7eqX%7ljFR|Pn+W=WBrD8&W}qXHm6-WY z$XK5rjvXhVVm8wlt?G3V38vDgIV|%7E&i|V=g(11SYT1Vr7UM9Uw?Is_m{Z&gJB1@ zLlR=CpPpb8h>vG|r=w$Ok#gN@-Rb%aYQ+Vbq~@;Rznb&L*{v zZp7;L14>Y$Vnv`0=CiJa*&-elu$n>|_B%ZdvR`k_V-Dld*%Fya_uy@|q6%EA5~DU_ zMV8OWoBeH>fQEfI3>TSG{cAG|`xsM}z8^Om+Cz3B7~duEo@sCx z+!`-LN>yDE2A03`Z^}s<{n|et8!bh>^THpPH6n&n2^MpJK^ZYOL^HuVi#f)d$ZKOx z77}d|izXj(T3lNQlXe^?PO{{4w+_cbNmp!k^2m$F%ii}2Z!R@8Xyv;btEkT;-+q~a zdRnkFFN58Wn^uAVu^+xwOucO-`^EoZ=U{-F1Un+f<~8CNtKzc-7)19+f1X z-gA@iy<7}z?tXn86!hG8Atm?Q{^g(Ti+Ag9qRXK;`^;mUlKyBZUb%?^ z={6zqQ5WGwc9v4?9*z8KiBGfCaoV8JO%^d48;6cJ3y}(ee@%ppwPzK*!_4d#S_#Q8 zf8hO|#?g~YWuNQ!V%OK*x&*$cPrPkSlZ{v-o}|vMjTM-k9c`>kNguG`#v{Z(kl`b( zLA#GdiJipOJm1b53wfn>(2yqaj*n#lH7oNJyBflwwG>0e~2djh+Dt z)~0sPFEM}jVVzaTm}m>=(j3LlW|p%b`A;j%hXTz8%^kbIy0}FmTZdr%TCoyYylvC_b*b zn-5>wm{awS59DEwSh;$+;86pbv44LS)uFt~Ly^Y5D~bBWr`oX=(Q#U9 zK7X)nY)H?x$w`D}ZKCiS4KFl|Z*%N%>deXL0Dwk9PmbTTJWz%D*Dw36#zf+UNz&WN}`LW7W zN|*+Sg4j{Q@?F{B{ZRY;+X#xcNSAG%sCg>(aUUXdes>cx6xzi*MGhRyTU6|vI_9l_ zgCkyzpoZ4*7DJsrb1MyrtaRK$g16@N|lW)-ixw 
zq+|C-I1&5<31cf9Ns{1v=rR95S@EHN#F;*hp1r*rrKg0Vfn%oZI{AAh3v4T__M)t$ zxp&#G&y2gZai+xX9PLD68cfDJ+CzVW1qu*1`5pG?)%~Ac>0l#g(IjXPmTDq~$GB9Z2zfZ=-GWF|;XzNOcDiDXquu zdx1jOpOJpkHk^GG3@4dp_M|cY9Y_>F3^g0=qZ*9JHdRXT7H!DVo^5h{GvfO70{O6r zesoOx3PPb&woR<4z_LkLZ?^2DG_;7cQ{rO_eV1ek$tK(u3aqt@eS6pk$f6(vBcdBn z=o^~=Htzz#A;)b?=ojWanL)-nsbeF)a3lDy+UUe#g;avpHXD@}^#CCneq`Jju>7o( zYH9FuTy{pW%SB+yr#X|Olm5>xTi)68UV*%P+De)W=Gw%=un&ZPJTg5iGWZ{IW8R%Qy`p1a_mFxJgo6Z-jd>?9eU6CXgfJ$Rg`m zA3_QuUg8?((Vx|Khr(a2NV`qlNoNhKf-Fq`#*;seR)@!3WIB{B-21$PkkTtY+uG(b zwf|Bt#G@QUwviW%9E?v?=JgMbZzA96L?<;?BE`|UUWNV)UlN+L@_o;HrW2wa*Fv!C zJL{+b_UHTv?w~hjyjOb_jke2+nVTVX&u@9Ef&Qo$T~1ly3dqOhm_VkIkm zfN}fa=QM_W3;$&Qkgzu5`3U2!(`&CpVvJk5C%`dLC;;TeoDB>1x+_UxS6>R82HT71 zVYJWdiTU40{F7z2r`XA&Rq-2MU?qb3E$ld{SOG5@;Q6;?n5ur_flLS8qXphKSb`IO z?r&KAGYOCkI8LPPY&+ftcR%&x!Gwu~c&2l1C~ergrqGx};ImR0aJ+&vQCe$I$&p)n zCyxdt8*X@kCwL5+Atj>c_H`F#vJi;^ZCk_Snp063XkHj8thdTg>)IQSQRnMNa2tWb zkVGrGqnQLE+qxMNqx}SbB+VAqZ>v=Z9kNqo1DEY~I?mL<<+kT?IQBY(7a|U~7Mj#` zXJMce0a|O|Je~}>Qr03@0t5^+;8{cU-4qJFoDV%HRrB2I3R6B@WuXhcD&yN0<$J!Z7;dR9R~>ybO5wQ|t`%L2t&1ZlE(EGoF63FOkZ#CN zNW3^iI4Y}rL)rS}S^O1#3CEe1@hOlNP6Fs;$-x!JIBdGUZ0Bt@^kl3OOtp# zGVGF!o;@5qsrLCGR$Pq4u%D~SnE+0hq}sm^KNM6FE>~mH7CVn58s;~925 zxGr6W=~;Jl;QTA4K=|=Bfl?UJDFTceNt0-3Ri*Ojj==dh!9{2~aBaUm-?Xp95*a&b zB$Q7G0~_?pj7Gf2O&nMOu5Ue%r15LQx$hr%1*Xq8@OG3l*3Z2JF(JJ1qEGT~ z@I1uQZ>k~*S8ySYFvR8Q(LLj)e`psg4J`0uTs+XVo}OOCN(T?W7W`9PZp{Rh$)aLR zu2Bw-s2A4Xb+nl}%H7zBf70huN{ua`0|7gwhjeGZV1V$I)F;2U) zLeYw6nR(m-5P~imZxE0Wo01{`YdpBqg;j_Lsr-Iq02`*ETx|%5FvIkw>fD}`y72Xu z#-f9oCZ7qlB7-qOiXKGdKCB!>>o;2Qm^e>DW*Z+;#WFXTE!KBY6 zE0zkj9yi~Jz6s%dw-BL~>Wq$lvJ=s2kuY3u@R6esg1kXtp`99grZz9>kj6=Er!y8R zjFI<}uPUTYD(_t?kpkOb{0$+=~?D(Jst! 
z&e$~I&Of`TaG&6)(Mi?pl@3+7gB)w$ReC=3cPbRKkeHBrTP6SeuzRG<*4~|P@oD=8 zD%QGxeq&TvR-LTV?eb_rstcjhCZeSlW?nPp5sUWBgBj2$nW)6Wn?^j#?D}ZXDia=d&oa|PM9H$g0K=M0B6GNy zQ}|+_v^oPfc`1<=MRcZ-#)Uo9c*0x~=zqU1&bZ4UqL~g|;Dw3r&&i$)4pr-RA`FtI zaSu@!&-F0i`bja%oSS%|nipng00r>mOJ%fe?`wy*UqWoihV(fx@9C!qhep7kCzGA~ z)TZfMIB}wkgNLDruv|as13vw+k71efNOztBNLym@(PtMWz6c^{8B9SfK$p#5!jcLb z%(WX1+rkA-`_+va9~~BZG*z2}TmQO2%3M$tT1k5_gNOl~XbBqhJEenp8H<^X$&G|p zc|kIVWn&A)QdJ|Sds2!Z#SAE!_6o?hu8<-+syy8?3nLO&Dj`O3&Sn#L$K+s6kD2NS zdo?(=JPQ-yuAm#&hv2Qn@FF?WY1yBH*!wKkg?IP1y2)?(HVpl+y(m`d%VZSqo^%d_ zu98wNq#a3F)@ zLc@Vw5^UiE6!mY9GTzWkF0dK+>zVo%kY5VEGrB_ zF2s}9_xpf@&T`8MSaywx5JXe)UnOu6YguM(CZZKtYs#4t%?T%HDW6+7p}$+kj>c=^ zDyDjkReb?!2pshbJmYv`{RuOfLT+!B$mcgg0eXCipmh^+Wc_Ap8|`Z<6K`RN7sioF z^Oma*p)^1qGGn1q=0Y_EV+&I@GLRI#XZ(drxI+J{fGz4yBs zNGnq8gtg%VRHXD3U4F-NAXm<9b~h!?$s?bq3*Psh&${xnXjtq95i-j_2_g!SUXGm= z+Mej*v-|xm9x5m^S3iuw=j-4<7C>JnU~l+Z6ucMaA?W`}{0ZO>FJ5Q2bNwVjc2opv zp8i*U6B+U_ucBEYx3kNd!W9+GU?>w#pi?3^1|sFKIN9Rq^p|%Q!j(98iK!lEUbkxb zElRBZr)-)(fpefD23wI~N#XpwooJAW9~%DTRsJRwTa5s{5=JmMke=iVj7rlWOEy!$ zx~cX@#)DD{6JA1+=S5G}qQ;RM=b5Cg1@@Fip0T%-#|wS#kHCcS8DI0gN(%&SMk}YaHNpmQbolD4c62VKxfP;FZSC^!4tL$L)SY(943;qa+N{Nex=Xq*OHLtonUfoSkWk$%VH?g5pfLZ- zpxeS%dXJihpD80yB@y4XAj)b&AJjPb$MUXB-?QnXRyJAs-^6?z>5zmCv*Hz>6Kk=H z1B~4sWS(dN8h(!;dCoy$VlqbkJK}PwHs#Lm|UbIXiuqH+>GMB ziHezWA(f7vrbO)mzW)3cbLTG$(h1@6XeR7Gc5XNKPlvq>zZ4^Tee0whYsHHV(QWHR zcdi2oUfg_{+y&2qUT}O4x6c{VrjPdlq}|eJ@EQ*J_nrT2qc6!F*Kin=rE+&tqxO9O zUxaKkuqx?QZ3!t-JWWr}1P3+zYQ<<3DW+l4gq%Pwl$Qy6;%1xD0*D4FmV5pxx>18| z)4R${3UDR;2VE`r+2PA&z zI$1i;O48n8pSRf7WS~P9|Cm<1s|WHB++ZaX9b+4Mylwg1!5W=aCjqSA%!VzIJEVvJ zpR9=EsYMV^E!-5_*UK=dmWx8yt%C4y=G#+;EzkUiMWQnyr(((%SC+>~@mnS!ym_As zKQF2b9LAL4#u{f#@{w1&iVPnz8JPB{UtY$jz4Ccu**|1NkjqHDY6BAXx_iF)P#90e zHB~Y3h>WZMAmo0Lj>h_A=~{RH!Vj6* zxib~Tx`xjcZ0)ZvD1e9Pj$)Hw(k~UJz@EvV*|ou}yi_V{S_P9VZWe5AB%OkSKBgx^ zRv7}NP2ofu{_!LKZ^0SQH`i>WM(hJG(on@IT_Ti%`}VECDdtQ;Pv}PGQDME0q4@P? 
zqUysWyFbZcLi)7*o9yW2L=@|#vp>az^&2p&t%7}>n)>*{;QTN@O!!8qgN)L7`TDVI z1403w6Ruf2X!duX29Wcy^-SjAu^Jy#eq-Jpjrfu`G_m;B+)6Dbg!+IOfnmC5NrGe} zzGcWLD|UZ^CcH0=v`j86ARV~iJo&p&h0umqwB}sMwt6L_jVlw`jCB~V_yd>~pL5f`)`lb953;;%MAds132HR% zh>6E5vqTy@?zAK(JZu@>?eK4H3&xR`cv()pj)YO(BU8cn?1w*ZIU`uF`k8F1!%a#vJQ%~?MQeBoJcZDVPu`>-C#@?OF}(9%=tp%?jCUmA za><^arD2`#iZQbc;WCEo+3P1At}2k?`Y6dR?c?SH&66Rzvt%CqxN#T|Y7|0pWUl0) z`_itnd61B{yb*@VPV{BOw2N?V6pN6q2p*yH?J8ScB7P_A|9na@SPdHs}y)m;MKa9PpOk8vG zgm!Oz^m@=BL!A~&A?DOMh|xF|yZkE#X(SQe#dhgirO0_%wv#};pf4#j8#X(wqzrYz zDBx?z-}T~pL~N&pQT;Z5e$`(`#P1H<^ULRcBq8l*k{y8?*lF!Fb{4Ffav4+3gG-6_ z!W3H28WOrW)`FFY?}nq76ew3>&PZ{pZ3>tsV9w=RR}|t#vlQiaI>h;fk#%$t!$80x z=(6+z?0n$ok=*NI>9Zb$+uGlIu9X`SOfuGjk}prSJ@Tg7=SQ^mU0Jzn?bxM^m0xvM zeK(*%5ROg|vbXBTmm*=@iqY|H5&!&>z+XD?!6}gorTp>=u`al)HwMP2;#A<$^klSS zx{DW?GOxE<`%$f`FFC#M^)dU3klUq^_y9kb??08M3$p zw<#7hOrB!xsn_a`UpK2n1i9A7O~ukQ)o6tQR%%6C+ZF~f5qknsp`BW%byY`V@#FZW zP=&5D2gY1$lXUqF^ZC-^Rm1o(yg%m$3pcNy68glENHj8;$b&iP6p51}AiS&5!KT<2 zC3^paAZY$^#W*9KgmSSAb6G2LDxgJ;55v61hv9p`B5D+*Kr8U2_k~ERUeEX8|NJii zZ{xg~D@_<%N|&cxsE)6@*W+qfwHON+@Up7?ButlYk`%>xsj?RFFJIR!$Mcw+a-0%? 
zQ&ER%l*ATC1UxHIB|Yno?&r&Vim4kH)E!6K=N3?@xZU$ik(5o_CP5tZbYjM5g7$+iByOQ|hZ`oV{9*9)P!V zuQ=s?9H)*c%2BxD=zj*8UCl%kUv9^)-yLN`{Zh)=x`=N-b^+tk%`#&oDi?_Xf4--w z*|uZgDI;ZzM}FGZb!GCWlU&J9<5I7CTa@v_>9hsY4PZZ@5=IJ>Fe9L~1?)_km$md= z!I-kk#X9optUI}6`d1}*KaZPu!S((KONmq!Cs8SMSR8!w706ZN?oac?9k-Q&7V446 z)4T|wGGV&&Hcwb6A|q4@Dgxb#2+25i>z;Vf6{sSFdGnG#>AnSyKT*&hf3&u1;;MkI zs%6#x7kh6R6xY-33kMin27QYEp70(|G;c*gW#}SazeCdQeEQNEcXki~A!={^ zH)+3;l9|-ETzg~Uk}`jE$sO9C4X?>~F>U1@zVY%GIUY{JJE=`cOn{07r+ z69qawjps|cF4n2FC&hd}!uqi5`Lak`x8Ob2T=Twd#CQ6!-uSun?SyE`=E#TB0E@Fj zgR;pth|ZO?_7{CKewHVZq*s#Sy#^oiM7;&a`iU3ecnXVDqF68TI4C%o-9%m15$DzO ze?J1_*+x28XXh~Hd$1R0FXT}1Dra82o4iV?rX>`mp-iU=?pp1kXoQ?pK}d0UoJ5s0 z_(`T|dvZaw%i5f~@6Wfe8kh~ZBYtEd5T3u*fC;4z6=;KU^v%sI%{TlpJZ~})zI~D# zQL!z-`8(1BAFthx8VAN9=%L{j?c7ZnE^6k%#%YS1bw6>?hvlOtUiET~Xcu zJA~Dx%qU#6)KbTO-YWn^&Xz^|E$gM-utJ!?hS{CpRW~h)?anO$F|>iSsApPn4!?f2d-@(OEglYR;=2oVp38{ zZ?_J$B-o1+%M*@~S2I;9U%oTQy+<>Z$3bS-w?&c{O6rSjwyr}f8F>E&YpUOAb+aGs z=x9y5-A9^w4}fxw^KO|kn zP4%}9{ymgyukfyWE;-!+xS3)X>+`e0H7@n&`iW4MY&*I%tvN5Jx6{Nn?RH(w6zfWM zT7eq;%+hNY*>MI1za0JH9r%gICr-lTU=z6_v5^xOE-3vGVz`)dC}}+=-xm!-;3OlN zkxnV}w!pt4OWg?AEV2o=J3v?c4SlU=8&p%yYe)Bmh?n@C><_~aoFt4zy+N65A;?p{ zFYak_76u7{{pz(U^Y$pXGXrIbaTKqpE;~EFC!1{tUSvb7P{tw5#IE_3G*mc0>44~B zOG2L6@fq&4P@S9VkiM5>9H(t6CrDDQ73jkvX=R$O+um*Ko6(b{w4A`Q%8 z$HN;(eu!8mk8$tZI8tA14Y{eNuXdz$X*|%TOx%6v)bcZSIhYXUdy_G2L8ye^=?o;Z9H2LUZ&e-K4I#8sq*!~;Xuv@p zFS{CqBzls`pQDhX1;Rhrj)aFsU|s&Y;F~a zhI;9qD+q;mqzgbu1{?YQURse*9mpR6Hyn8Uq&0*r>TYYZ`Y?Sf9(F=R|A8A?E+TC9 z9-GS}&v}%`zHljoeefN*qlOoY4(6RYv>l~dz?!&(Mo3hGwv4#KkF{7SQNE;WQ`p#C zR7f0)SyrxehgjuE^dr`orS*?H>d%oA>w%}m1c|CXp5{r*are=ZO9u?n?MIPVo@~BT zQ!q6mmRSiMaY_;HXw5{UAIvW(r=pPX)pO6Tzlgo$N)+b0>oVnY=VTm{_WnYg-0Py( zxHGcf89gx-5-JM2wzp9@iflIM=(W`n&S;~znyK56!V{h6LXIBxq`{*6)NPltnQ?&G z$8cB|huIdazKOI^jPxH&4Iy0|ss~|b=}3*~!Fy5Ry>+m||*hy|(POO&Ooj@sL`J`6HaOt;xSF)}^=u z(N)(t5IyS+aX_W|>Cvnc!(xO~u_n`g^rOI?00I!_R*$)gFHB(R0MT z%X;W z;y{fst{EqpRPZS!r|>Zv621MeZodaXT)rTX!M 
zHer}%+f5+VoCG5*&3`{n_E+(&VR(kjF0^kyK|Gq&nE7GlAK`ET&=g@NcYX;ac3WVg zgkP?F>C$Gj#b@A-cc*VhQhThBmp}K@V^}lkzGTd2CBh6HYK0$Ls)g21GO1+Jx3Oiw zTk`?9nnY&ieuWdO73-h5q_a+k&yH+Pub1rEPQ5)#G%xZx!EbRhua z0b+tcvLulmCSOQRUsS_yeiIchJ3S60z9W z)*3;d-*F3SGU%2U=|l-#BAsWM^F}e10F5OfYXGCwn846+@JFKK`19x1Ks z!tCDyW>B@B8&r@w;CGJoW<$ynq1B`veiCU8QwZSP9_<(b$(^vQS*q zNp*Na@%RjYK|4e|p=m3k3f_RBOa_%o zl_xYz3K&GXt|)ISdVd6X6R%3ZN3s$R)j~_};`2<59y3pwS*O^4*L2!gy2{6)*5Q1n zKCJUaNw3)Rkl45f@_xiMGq5pyU|&0Ko*Nl&q{Xr?9YG>l!~$__gVjW0CaQnUQG3J+ zjKAdAqS)@PQQf!d!y1v@(PvUjh}QgJJ2EZM4gF&D->i>(XxtK zTy$uVErsUv5*#nXiBjTJxaVt{0S}`Kx7MPz?yPzNe8-r}pyIb>L$g<2TeD-V>+RVp zu^lH;IlWZczb0GL#p*Zu1$7^bXqmgc$G=`yfkFN-vsYq}@{crG)g?JRlGrRva4{?PAiRU^IKula<4i)%r5rc8F!O957ymG|pG|0?fqCv>xnqa(*ebkpYw`#R zB(_9w{^-0VF&1oFUpciTiZ|;!kr-NB7QxsXTW&H_U8{CvxOzmmO}M3W0q+CXnArpb zJ`h;AmqqPN$-bE|z%}UJrb?=T@u01v^Tf ze~b>y6_sA+uH)MVF3{AEGhF}Ga>GfOGx_lV)Lt?d^TLq&R2ROl80C`?TFD|}&FAxt zc{2|?I>NaP$ztn^+*l-|EK;EX+fbmby7XjnwrzOIHG5zqu3a4Q2R8+s%?$4KQmH27 zcT|7pCWVOe&U|BLh9WjSzfa1Jyg{;4RjfM=V?NtOkJ^me!r6hc;5migi$Tc4c5p9E zr=xQz=L-)uZN(f>BsLCqpn;c1p;&*jmL*O6+uS-4z|X^TbYpIWO)`dl`SzF2LH`_{ z4&^tSPn8;u@(0lR0bNeHDmvtNB%W~9>y*3wv7Ys{30CD2_!XMg?_8OcQ!{qiM_HE{ z7psWj^=JNMw1#O*hrrRs%C5?Y?XVc)F**yTVBsV8X`SAW_$+;|)E~wx8-;nQ*ev}r z=87XfQjKSxj96F3iilUC^xrM+kX{4Ts~0YBaNzdeC8E;oRL}Vy#2E9@YU)TAA<-@g z^=cfOh0DD4!QrX@S}D^UP4kVD*23mIIyk_DAbBQ5(Nr8IO>v}b4EGxI=C`y98o=E6 zGacPdc`wJ%&4; zHDZ$&-_{5C3I|DiZ!46VVRIB&g}r#mV=VtsC~%TKH*EQnJMm?y-8ele>(^oH#3IDv zhZ67aJnX@Fxg^hCdKu|`bQAf>mOH$prf)?=MEe>0+6|%Jcbf_-eHR~Bo4uie@n8_6(a@nMw9t_B6+@zsui+CI3yV!o7|M zrMWfQfyzZnZd-yy9W;|uMJYEp&PFU}aUH*wQ_i`t@p05X^PVGM5mT#CX0%R`zGk-N z&8UO}4k9tf>)MU8_yB;xt;nubXG^6DVIsn!Fh1Nl^?r9wpGVRyL@wg2+sh@l@TI9D z5e`ykQt>_`rl|=Pu9?;L4uy(67kvLTBP_%qwmmoAD52id{?jp7+Pn?eea}r<=tD`~(O@yH81$d<*<|0_#|c?)HU+kQh}bbJb&STslQlh>q1Y;*{FdXL>#jyJ=?ls} z+T%+eV=MaFj$}s%T7(5Mz74M=7B@!)d1&SE*E+U$xMq7}AeAX2*-8Gg??mXtoccba zx2I;vx|;w)v8K@+!c}nUH_rNxPq{PNAP8(t$7q28*adz=V&2>g+JiF-!@Y`Z62LDk 
z7kXjlUKzNA^@h&aS@o>wE-@sZIj5m!0}~@LxVN!H;5v!Gg|~V?Cui7V3aE6P1^!VW z;+T*Dc1>Oju^Bn(smC2xk3bC#j84DcbVjY0EsKZ8Fo1GD=5~YM`JYC=z{%Aj1d=N>2ogss;XG) zlBaW{R5O_(%%CO=on;+$?)CjQwSKe6ce4C%!or9Ia?h>$w zy{3}PkL+V?Oh!UOgKs7EJbr5mj;mx}K@eDJC$s%r%QR_4Ur#Wwbwv5b?DK0XAaUbp|mNT-6Nvi`v~cVeYxp@j+yOdNJdKi3{@x4Z*n( zpc8|AUi$gTTNyV}EG6u{{*#Ng172DUgGi7|^!1ixZkhK0WMACZHRJXvD34AS8%pp) z=n$`O<$iZgSPRVd*CpElSiVvr1K}dcB`%O&)@OLa)0hnf zA-wj(F0ytvpVYKp?01czyF_`)!lJUxvmam3gHQ5;`(-xyC6}mzSAW)6#fzo8&q-O) zvvG{0rR^RKS@CJ63GiZyE>fj}m&B|9L3R%m{j1l%@$oNfXKJ#@k#n~$I5pxtaJ~B@ z|L$W(&;Dd6mhi2q&R~@u2@LpPlVFz+uv1un=EBIvI-PQ6`hn!rOtLg-&5te*_PfXZ zBA+{OrIBF}kwoxVnO8fw-=6-j+EF+o25VmG>opD68@Lw?@y*|{pkgSUt!i%F>^sI! z!N$8bN)ZLzCLDEjM=1a%CWwsM48jdxWJe}fgF$$@%F zV=@$zWVP7^jNh-jxzs~R4IuIsnGSbjGI0(A;_QYhRBCf_d76@5L)IWD1jA5Qb-o5C zH_4iXHbRcO5>FI4r-6k|8^b~$?^Bx&3+-o!=viT`Co*@3O5_5`sGq&YfXN$KUdi8G z;l%ZuZlPyVQf?oHupAOYen2MUg2Q$i!FyW;=bXbTOf!Y$pObQvh^gvp>+@5WzU*9W z1BjywaE(!q2BsAyFU#VM`3)?eQObr4W{QJ0XG2h2j2VYEgELH9G0fUso|KwfPs8^i z!CxJ+6|n=4VCql|bt(gL*j^xEh6TTv@}IsYYl-E8_j!2M&AgX8)+DDO>ZrlDb$SQM zGRP|*=2??_f^*eEgn_=LVTUtAaE6tqDCA=X4{OR z_&);nw#suh0t43))h&96uAk<=r(Naa-3ounws#MR6!LKj(( zUChzWWuff;$YQUTv#c3yWcmhkbWt(fh%%@?SzEifbui>^RMt0p&A6RK6PfH4y@f#} zsHQ8aK$d0xuj>7IYoLfC1*s z@5^EZAdI9~q5BRkJI~ywZ;S8Xt}UCD-`mekS21(BIJ6*2XHpX(7jUK?n1`1tIS|5k zm+TYcDVfUx{zCnNR#qy<+aBeXVz}ingrl?RPF8q-?h8dF$jH!3lE3_U=QU2gkdVG?p$8eL3Ta$qsA+0N-XybBbwGCTjn`wLussO92jT)}&xzFtGhSsQqp?zDthmsLXu zBW$n&2VM3mYq?n4HbQnT{g6b+VVBy2^3sPMUl|>%F#P_TDKVx|iMGLzK zLfPfIvR@dk`i+hCE_RRY4yI`wwC07tNz#))!WUT+HMCCDYF0dsV}vj19wP*#bxsf{yE;^Rk|d9%x80pUqRE(=7>7v83^!XBfBamzYMPYU`iYBMS82WvD40Vkk7(R4 zoZ_ENpbu(^Y|JJQ*z3Aj2XtGZ!^j6k`2{`95^TFuqZc|?z}d`!hnGJ+Mywvn00{{K z$JPXN)HrfA(KMi;K`+><9xgb3zQmC4Oy|l!tu6DZB-pU+p;q z(&6)+{kK~XFJmQZ((DBJCt?!pnM3==2j*)&Td4-WJM*!4DP|l`TpYtAYYaZQIrRAb z`6pJ@iJJ>m(4(*bVI1DDmN-u-ZlqS|4_Qtw)AygyG`*k2hzu6eOUM>RwjYb2eOdBw z^msRL3!&j4_kp~T<0tL~@h${HHy;%Sv77SZUa6WWSjK$on~dD}hKIkyZD}pEm#H?O 
z%WL16Ogz6no(jn$GWe|W#@@4A3W(HCt^@eH6I_jMj6(wsV%p$-*k|9hPE7M_6>5M& z(s#eItsulHRPC<%DdzWQ6;$)foM%Sqj4#mI9GwV60({%^b<~&$q3hAoTzTOk2S#QK zh590%X+j}8a(PPI;J;S>xP)fJ8Cp3UXOlo0U6nbT2|L0GU-Qr2FOEVpX*@bA)Crc* zH}DJEGBw1hLEC!q5*@7-nzcnmtQ!F@Y-1yaLVDvSZ}@_*Iu+0yB35QYu3%-c6I*-4 zO-WQ_(v(3}pG`h(E^el@lBZ-Y-h@`ja~<=Vu4mJ$mk66rgqpC9d*>;u&Nsw^I+6@@ zsoYj^cEV#8EZ+QphEWd-W$3r)IcPMB!NwvlBPGA3jR^87lW?r=o}!IlTO9g4kmDO; zh5yweT9lFuoRMoM_7v%CoZq{Hck?$?oC^n-&ezXjLn+8@>r+YGG)sIXb_<**Wucbz zIL$@Hl7ha9V-!vNdtIN{1bYr=2IG?@9+Dh%P;p0*_5V0*yxD}qeJ2RQ@+ms_of_)t zL4CIpUt~hF0X9!tZEB4A8o}i`m>-65m@iXzCuRIs_s&UnIq*Q&wIG$*H^{st-9maW z8F~NhHjT$rW5cBZw$D?yk#?&Kv&O)p45@bH4h8-zD$(|8_;g1}t*S@-Cx~S0#j_BT zx{~9i@C=_gt5hzBq2xUYO0y1+3;T9TG1$=GDIQ|m zC^5+jD^&MG7Q3lJ*~`O;c$>GwzZIXm@b}qEujAhAmBTH`Bdi2{0ggvp!8p1VaKrwNdk5^|6?6ZewYr+uK$)k8@zdgfWj=MI!Q=cePg; zgg38+rWGCTgj0Sfr>gazhXP88?s~A&cExHV+C%qqBpTb^2wa^jAy)K_O_KU^Y2SqY zq%$w)L|`4+=yWLTLJ;h!3rmCr3B9qG4zgX}kNfDYU4#cI?|AIXu}1IX>hatGd8}>g zfNTRZRy#{He74TpRP-vu%E}?&tuJ`6b^cOFBUGh6Y(GEXLZkMv$H_8t5~1{S{ubt= z3Hq2Q|CnLH6;6~A!$*CMIO8|EM1|Vg$*wL)gHfjWqY=bR2bwHu8DA@IzX~!Hc|`g0 z#ZE?+CN;maGe|zOED-|lA~6M(&O;bkZzfo~G?n`0#_nGB5Mh^?DAitd-S#?}ry+h5 zcA%?jJq+ngTL%o~_o=~*`qtN2Z}t1kBkKk`(5`Gf=*jwjX$D8!4cxZ3Gka|18#AL- zi^fI4$LksR1(LE*y8bC^M3Gr7Z}Ox=?o3@b3AHzW7ul1YeCzZfYO`x86OW1EhuC50 zO4j&99?LFuKDXan29qf*3ix|uT!hYYQ0!$QD;i`DG{loTt%HrCYQ8?5=1@-T@mxd3 zj9FdB;PG-^1OISt5b zS93BVT$&}QH}>RMy}N|)H%aO+NtT|#Tl2^CEW78Ww-|e&go>{{8Qe5A2feWLv{4G9 zE{~;6s_8H4rxBz3N{$3WzcjQ}9cZb5InXyMPeqxT}LIR6kQWs%8&>4hQx zsm;Qoge^xqW(fZa$Cn5PLfeT)&Z3;e-`@K**hLOf?)iYP4UZIO{(_`6y*!xsC2~a% zb|;Kfz)VG(quLdMvFH~4iBcip_2wTW=4c+g+2<3v_uqR7_Ay+Ib?68uIedoc=R8ji ze&CK52OP%FQlb~jw}}wN|LJRS_#rEvXGx)Oz7$Sgr8-i6T%f)#F zrwhxk@HorKp^fIQc!jGN0NfNHWHWj%paCZo>_#)}kKg^8S&_?6t1d~fZr1=xJ%^Yt zf7H>=eZ0_Bg|vGkLuTsUjqmI_dqkkS!4W5=sGXb!Ux2UL>FNEqM4)uelhL6?R-4#c zam2#@r}IW;m(gpm^TzDZAwfY%-_lSXR}q2L!mMaf4y<{RyfmTk&3v;kx~Gi@UJ5kq zzA2WHbb$U93*aUZeBNjl>{J3ifBXn?)=WEbJ<7z|bgp-+Kglwl!p9iz&5U1(qukgf4?jOaE^H?K^2{r<8eQ`(QlWZAwz@H~{r_g6AiGz)Q 
z-31Fyr#TX4F%|U!!9mCbrpV?=m+Jsv)6|*m}@E4Jy;x00r~Lix~mN zl26v=#(#Z@jLYPOo2>ba2|f7>q8AWgq0qv#a+jq}uiIj>N)g*ke*7PyLLVM28F#rsLw2EXe|K;2q4}UD36?Kgj)M1=6D1VcsovGTYL#Xd zis-vp@R}Wd0&xLuu*vbm@Dlw}^?;^ckK5lk<^#6|dq^fIS3I?XeiOUi$ji@M0bd=x zmy6sFmvjFXg$i zS`b^fmk0sUsM5uzZcud3{v{u7(eA))6ahKEgPHRO{etmi|dvuDgA# z%swCM^$PMXcUbn00GTGgdv{>0vpjfoUpR|Yf>Kc;d2Pih9~h74nb!N%{Eu|A12j5l zyeobTjeSzvm^h&+$~+Ap^_nEpaA6s zAeQrfA(7BYmv~0Y)CuH%G)s7cEB!9`Gj$Ipa#5Q0Gd2X%PyE;71%nXo!S$SH1(*^m zYT%HvvNLF)YT?E1Ozh1=b+u&B+zDUP;d(%8^T}_X@waer`0{e@PeY+GXf)$Ga`OF& z2ulHH-HJH{US}E8W$L-zP|2c)hc(FVf>~~}dY-q-!$iQ@dcf&jk9Y4`et=8;x6$uc zCf^xnip2YCU-63vj2fzL73wul=KrkiI&+9OcKs3aIRiPH#SbHIL7O^znr&BV*kt># z?affguxW;5nUzFolJmkN9wW?&OR`N~kS4HB&vJSFCksd0eE1(x@xHKQJ^=^+1})&@ zPS1S`I_+t$&<%frdJE{8$u5w1AR&)QWG;h=C8j9_f4{xt&#GiLq&%BAH=^uqT`?E# zf9hrif<`_U)Qh6wm5Kvjhx+d1>$-xU4*drAvKi#bZZ1WLb}i~pBog0${9_-@rCW~4 zm#f_7L8E6&Q|gP&HEl>+U2oNsRKK=wxQ8|`fQB^p_y(St+OtneF0Ip)=R;>6-m-ca zXEIy*VR9g>6X)B^vCR?=q)1s+?J@4p87FZyC(K!Or~bV@nt|DgC6J$7gaP8EvO$?Sid#eWcn?qPG${3esh zbou}N)hnSC0A8Vt=1qg_|Cs*233FxpV%~Y87Ra{$JJLWSyIQXkFmDA6-2z${%nW9ng53ymbW^w}X z-S-I>)#G*fS(<;D%LB-(5jlb|E_T@c+c3=vpbQQVE6^)pr{(67EPQcU>rgf}&KIry z_AN1&a!%H;EPw`YiB{8xiIu4O>({jsMvZjY;+o8e%wKDtJlK-|#s31F&|%Hh=|$P& zwEx_XStOM7^mG)t;WVP$%~<6RA986mcXxMn^z|94s;b^nQl4#x!BVTLt3S=n=^Up5x)+AxUlC-nLwbdL8H<+}{}X&|KQssKdg-LMJS|gws3zPgXhBp?=iINVEc`?*8-+rLlBkn1SznZrLX{`zni>3bY*tHg z1W`1Zk$9+~)iK4rUfFooKka#NQA`N?z&w5-N%BJia+0Pg;clZNF*5joJ=xnSRAg)P zFAFb13SW_WPBeT4inqYfveiN;_TiiO|%qgjPD8P&vw;RxbXYOZW;94{qL%H+%d{>zFz?mWSgHl^&-~ z0;lh+D0dtX37OBL1&{mopn_Zi zk3Eo%MN)FZq09g3U`q{!`*26l`{-T!?Ro$?_YTot!t2YGp1@94PEpak&qq7 zj?ulDCP)we+9D}N**>)gktI~;snc`#1TgA-+vuJB^?ldRxf_P*EW*`Ob>RS3+?s{6 zGiO6`?WEV1#Xc(bPv=s2G&}Y{cL)$ka@LV-;m>8~P3%qNGNqG)y%fneP4%1J2EQjM zL87$_F3gr7PA&(qax)R`NALYI_iGl;x0Hk)zpzuAS7b+VJ@fAxfH*QuUatZ%hD-_G z934IQS!zOD*ZbVz$aqV#k51fdphy|moIu3=1BW!&Bn4TwQ}3(3a9U3^g}+i1Ch6X| zViHI_Vg|g&>+$fnRdu5$(B!Ewf*Kh6q1*qvF=#g}@_TUO$>eMWd&j@bUE?Nl!P 
z#@(=>^?Zf8hG?WAm2J%Jnr{&=Wj>Eh+$w0lV7eK*F&cIIu(IfMu3Hv!0sB9>CHHDp z8O5r;{iZivd@fhddETWU-gp zTWKL2uf|-ta`YX5u`_>7v2heobpY7}@+z5q56W{|(LUII+^rXGmHGpL9Pt|!>BXsx z>jlN98@&6isK4-QJkHz5CP3O-Oz`FrdxB5wTSLdB159?IPoN5Q?Z3TK$h#w|5x zuaf>pBgf_`iF60EzOuIFRmJv)^d8r-l_jNDJm(J|HW+=DDdxq-eja}|Y8CGUQn6yc z4YK!~ReLpZ!k^tw+xO8(s3!NHp+zq!&@2I$)dQ5bbj*T+20<6`W^%4Dkfp4L;t?i#Y0vR_ZN)G_ea=k_Pj^Y z_+setRZTj??5ioj=hAkTN;%Cy%gD)i&K{=ThqW_^qU3$*d{>El!1Zr~-ACw*uT8Of z>BjoI+18nsf7wSbf`6Q3ChyYt)295xwCEX1T7C|O`sQwz--TuS%k#r-d6uaMr_J`0 z)XLdI)?SDA@oLr-yHQID-nC6!%}cwQ`eTU;gQ(>5-OlA%@XLz&uRTOfu=Uf=aj1LH z@z;wHr&7f2s_=TZEt&S?+D?FHezL^k~x^m)vZXZ=Or>SGI6?nW~AkNSg((%-@b19-Ckumjns!fdyuikvo+dd1OPIP z`%lWkbOSpM5A}0r&`HM9q(niRnu%Q>Xg@ZT&r3?En7}w(oaCEi(BN4%onkHm(sRm zNfY|gI)5!6BqiO`BpTv?!|p~m`J{=jjAkF3=Qh?as#jlD6%!#F_kLC2Q^90aWkZD2 z)iQ*KhK=5l)P5~EnvCDyFXwwDIW@Z_T2sLz177N-H?8~?29Hn>Xm1MkmXI_T0dldv zM(}yS6E6`Hn(ybc>M_B7`MoYsy)fWZxc%UBd_FPxjFH+IihT@~*($nf7KgVxW1-(? zTKQ*Fuhjc!t2$7e8ZFR0JzUvTOLQ<0o>@lp1~wCH`h1zyJNoL_j)Kfy?ia|H@+5kf+jpc72gsZwPWMPgd2yR>ex8MvnCGN z3_Pxse5#r`YUzF49Tal8BVq6D5*~&`5+-z)`%l((5tlS6Ihkzeu40<^Hxz-x{+7?^mGag}jOH7)r08ke4W)pw)PAv!5_L;)-1^?R(q zCx4sq%HVFPs4L)M)V8sKP9~IwQYzH8yO7f>)?n zc~w=6lZw6f{&!uz0LnL<+pW=5+TAd8jugfs@SJeGRN8>z*H?Xgm}|0|xwp%gymd;2 z&RE=(A}()^VSD3HeZ=N!em@x;RzH;|IP)E-E8T_QpJU#hF28Khd#|V1;`Uu5Cxvwq z*8$zVXS&#_xy3O5UlAWUd1#cjisD)9_g+1mP5BsR)KEgnJ+eZ%l0*v`K2GIky)H4s zjfg(gOgIEvx@Y;xOd&ociFI5cN?wteI?46D6pRcSN$}SD2P$J*`y1>pudaG#>DdZx zz`zuV9ALVguAZ0u8tjraGeaz>1{MtO2hGF$miN?M@}=&Q>xx1#>5eM$Ts&OjnGrt0 zj?G>^B#B)r2^x~YONs5`y!WJMW*+;?JKGmP_=LcDWJe>wV=g03Hg8ar)e??*JTa@k zyw6=a8x{u7sMs}9=rvyH0{>7(d-fnh`Xm)C@<^57DMeyKJtA>v9-+w9BNF_uvf?r3cLQRR~wiFmy>e?#2X;?~pA&f_jG z*Q@ARMtv$wXdb?F7umOYjCq!bzoBmyEeoEx7wS#R_-S&7h+u6O_9<_a3v6C@&lD_w zJE@|(ovu$gqoHHjrS>k2fLHQ(a{IE{)e;P zv$z2Q%D=dt7#bpnbcz*0k2{o|aBv6&M;1~*IBOi0lUq~_E)CJYe1bw2VS1DE9jYM8iF@5aitek9MmOtdg@b=)K zjJ7D~zDm>pn{HVtaP;+af~5h(1N59$~CM-}b(=UoOd1v~k#T z+MJiNXLG>%(PH7O_pYvgSNxq4Wjv(?rfu*30 
z%UJ>c2VdHa_p8@|3(sdP8$I04t5xE|blW;hR$39{UG^=Ct@oA*w zZwB7)<++Nyy&h++8=cpbWKR~q$u{0v*;Gx6i424L76nrf8Qcw9h@M7WBXIEP0&BQT`QVewNoy1}7%oV2k#lK#>A8 z=ukpM3o&W5junGW@`gD-JJxmY4T3>rexLSwyDlR$>Z(#A!hsTt-*KCGot}bknu^AZ zT)TH;unJ45xG}7`9SAdz9?LUPP8OTy{M-3M_rpb8t{r^$&Q;FPgt(*cF2 z6y{N4it1Ue3;C?ZgMD<)uFd;Uq(uM6;_y&3+oTl9KZ&7t?vo_!*-~?w8wR7efuOss z=(YTM$rsoR7NK=EiiTMqni`fc1Y6L7Of6e1DHChP2pnn4HTO%^oxM8U{#k5Va3A-r${Jw9%y%|S^7#XaKyj9s z=e&FvDh0Jb%f(Ktg>{DJ$u*SUqTa~GW$}=dk-D_?w=WGPByF0dbcum1?l-4Igl;(X`INI; z>$&Ji@Or{zOo=vSX=dHd;TfgCC_RsxLAnTD)<16&)ax54{}T&g!6EhMtzeP~&63N~pcE=;3jq3oEK2AtiB`>WZBM(Z91$qK1KF2SGE|?} zuTDibU`ez=DUv^IvP|}pMv};nlVCf?7S!rWlz=1{3N{m$Z0SfoYLMDd&;8NY0yd5~ zafuX;<;`O_GcI!vQ4+poO)_t7ivG00v!L5fm-S(7Me^NkSO;b(jT;tsgY~T3T|Y30 zs?AsdDlgiXA|SWD!_&G6T%Y~)`QY{0x6d*xk3S;7dw!eM z*T%ALFzcNKlWqW!D6zTJmS+2~m8{mW5enje9TV8P0VaLG=MTSj8!r6(jj5;rl3Evy zPTapQLVb7-EczlQEEviIpyX!2vMI+VF=iQxCQ67sZ#LH#sI6a$idoXgV(UK$N;(=tVvf%n{ z*ie4O+L(J$>U3a2=7ZezX*2^XBjdAG@v%{TK9Wun8LEzI5z8j#--;1}yc-kV~DJnmKvXx=~+vP{e*mIlmm}Z~Q4_TSt2vxBiLv zf_`|<@NDG14yNp)3wXO}xDSkbT+(zzURt#a@Z2NlX@tweeWB6_{Xi6|&~#v`jH=ho zl3gbcm)$@*FpY>$HX?`DuH%L)I-au`fP{yUgwi8fSa$b~QKCoVlE*HVb3S`n`U4e9 z3PYEFDCIOI5+(^`PcpSgVqP+=E}Go~qYwonPDpUFfhI}VvcC&bf(f9U;oc9E60Jg* z8#Zv71onq`N(XS!u9DKoAO0E_(RTbb1k<{njF{oe9r{t%mX_1NVk^B5SVs?H>4apcFF6cli*55q@ z{AIfvSV~xC0`}uUSf{6TAlVG+WN<9hTeO7Z9Qlz3K`4ZCzqnm$Jrm+sn=h_hIrZy! 
zLpgwEWeM6c1Uop%_Gx*JRH!caX7HydP$485d6{Mp1w_*~L4eD#r)rU=X->oU;cY(a zc{y}9%PjNz$FQib1*(g3JSd;*Mi0d`iWI*wOWpbWrzIU~I9`RDT?Cw6U0+R+=c)*GM?(G#P@8mI+bM{|t zj=v>qk5pm5lK)^qMaStR5rBJaDTLpM`ggXv*FczW&5}`{ZHAw}wXPqH_g^9DM9Bi1 zt+Ll~kbo2?%@*dUJ?6(VxMitQz0?h0i@kUuTX6c2R2(8db&8)kogXohD&Q4%O-F?H>JrYTCD>jp;#ewb8%wC1rVWuU)_0@ z*hsrMt0KE4yG8fFCOkE2d2Fi;zoi3#jkS<0BlGL>*hBYGc2lxEQm$uEHyF(-ByV;V z_MnFaAaskkM`^7`;boHz@!`&iCdoPby3{WRqey232f}PEUum&R1zqg%=6|QwKMTr) z5Ypyi_egC|_T{B;#|-;WBqEvd5I@S&WGe#3HZ2k`00=q}w5UpG%M{H-i)TBiDSh#z zO(H?|uhoJ@r#)W;J}TXXOyDIVd&~YJYM$rdQ)&(+guC9l3h9_lkov?WSi+h8`uT$& zB@w}fC5F=R5tU+m1|zIF;Wc+&)i)1UsBgFTwf;Y{zWOh!XzN?LO9Z968|m)ulx`^j z8M;eKy1TnWIz>bVhEC}mkcNQ)hkVC-@AK392h91*+2@?S*ZS6yPNvRuC<>&;u|~8) zBpdi+4cK#+`Zl_3c3?k?2HC#C%{S_LJr_-gK0acFLP~ug!2J@|_Z)^>c|*uS`c4Y) zJqh;CA?JJEv(226pTiuh)dBHbAA+vHTWU3=|-RZ%K)7JG>Q#RzAn6hcT_& zBz+OH5#>2halPhyc*#zG>AGtaugrHrvT0~4`AiCd0aeLA9tQU92FX)z9G0+C1?Er7 z8rzySQx;7hVpLwG%nlYscoYVieR33phr`g`XzDsH$Om^k20jD@ho}js_?0d0fnwF@ zHqk6_{lZIXM8*gk63jF21TXZqmMT}buh%+GXe{MwPYSO4&s##I&b$y1hAfTX5sjIQ zK7K~9CVTTGH-gou!=9OJRSaM)}M-%&#g%iANAhTcCR)+jhu; zo88!ZE;2+RPPGy~y}U67YjZHMNZLZZ{tIzO_gd696b2z5;~e0e2N+Quc1jewv~_J% zTyPF*UaxIr5USa1f#BeQxUngBK~VEh>_RTTbAF_fZ4U(*A|*l|9XO@=j1&Emn&xkl zkt0)U<_YLZ$i#m$D)nOUD z)!_gu(E5vKhkSyy1P0xC{e=XX^w(eHNmh#8!cu-EakXS`6Z}0^zdRZ+4Ixj5KBOO= zKw-j+$Vm|o=9z)Ow1blvF~-SG(GPg;5>0gz&;MbzW>5&WSH_~b*=auC>}=_aam{jD zVT9_V8Hb=_QH^sK9m2-?_|*1V0;v%5{o4HnO zy5GEQnfTtr@yR3a{)#>h`zq)mDl^xTlOwD(VhEH%rHZGM8fOG=F0_pMpu za*6GO`wS&{rKNaSC5|d?3?nf<5TzezO(PS)^IlQ(SD<7)OQ3ig78}M==+D++QD@qM zBb4WNY#4k>!B>v=$U_wxw^!#UhYY&JREj{XU#GfUN9nO19AZ|0sXkp62u(B;Gn-IM zsuD_q{wnpiuTQu*kJ_Y3_VI8=~S{W5(b!`t!6RxM8 zgRIDMBzZRup>~P~OdE$7=V&K459Mg!2rrnJdIcQ_i~ob6R$-9a)Q`Bxx3NW<#70dQ zaa?R45}TM>DN;snZE|s1EQ8q?ce4X*L=wI+C?QB5oV7mF z*rJF32>d{-Hu}KsnBAgFTp1-+M)Nv*$>vDPuh04Nw^HbW9I7TR_g*C>IjI$9;xGdc zGf2i{xRo*)Z(@|^Xmmd>bVaQ4jvaS8Q^fsUq>s58InR|nCwG`g)N#Ja`lW2;pZC{= zEJgm`)4}r8?l)MkuXp3PM2uFacv&45xRVr#X(KU2pQ6(5?Zm6oVC$Bumcd-tK`dl} 
zeiz|XVP0GqzTdudNh8BkhzN$$DRhGluss@U(E8Xt)&F6{lh>~Ou2txl4DnoF&EJn8 z^?Zw7y~J{G(P+%S|0ZfTvYPDdPqnr3;P&+XUlSPdij+j{dd8A_F#S+ia-xFBfG!h z6Oq%kD2XFfY2b6UiQ(fztVI$tQDBvb7nFQj$rM23axB0PVxK$YV|dsE=iO|1iI+_y zA1T?(xy%XbRk)nA*o^585Yt|ry$E6U>LA%6>=JQ;+-g-p9QbWS_S7ax{NMmSXy9uF z%1qByqb(;l{b5qbV;Nm~+hkf>?|F~vU+Gg|5}J7;jfBIuWN?0o`|#D9%@9W}jWTqh zj&Slh4ftG{ByWkw%i(kKu!hLSgwUK@ud{2nez$1!zg%Hw&5jQh%7v_z6^vtd8hPwF zjwQ-V62XIdPLZVlsO@Gdd`ruO4#YFe)i;HQkJNI=>!Vw6$k&wwt4%o>2_0RMPXha9 z_Ov_r~?6xlt2d19n8nl2G5@-8i#u2RCZ&>@pfWWuceH>w*;uV=}StG9Aos zao&ZAl%c%fmWst7U3W02g&N>M!ehyth0Q~rpitFNsd{RiWI_u8QZ~L%4$J7t3Vb>a zUFZua8p!t%2Iz>Ryj1M%;bK4Es8g=eL1g+aX|Z;szbQ~lt};_mxA;y(YVFoz?4skc zD__Ey#27jySSyRB0FcVws* zxSo7clq#+hPYwzRxKql)ni8vhegpe^kG{t9PkK{aK=++GFHG>@bIK6mn}c@*+(%KD ze?yr}5Rv>YL@0TYc%7r5}PIr1jgP z;dV;szDo35cG_sjUmqRHz9Z6l!D*bHcAh6wTQ_5>`mN4sn^1uim|e07pY9hBXYYjL zZlB@0Wq>K_!#o2%_xu2-du~Hol+=S_sE>EUR2t@B?^;MiL*#$pb2;i)IhNc>5hw?{ z#bcI!_~cyNGry2=Ik0j`P;ax-cCu;S&6NAPqi-5TiK4%hnBK?R z;OuATMJm&Ryo>uIX2Mt~X@kfjAi-OmgsmfD%&Xqh;&(!)%w*SUh*!it0{>|3)x#}+ zH}p0#N-?Bj>To8P1$1RC2^CgEQOjv9}Fnk^E*GN_6tYK0R ziVfx4#--4eIxyU6!38Lg;Ny|=NhJqf+Wt)AO`QE@`5c9ceJyqzDrS|bSgaP#^kx8C z3Hc!z2OS5VuMa##qDM>(k3b`C9etdPetA5UZiXzV1ypmY7sIfn2&^@Z*D9F0Uba&-U2$mTcf{9|Sb5Y1iKh4Ym`sME4 zNI#sXqzv-Q%nz6w;%#=ry8}QiP}cfVmR`w95m;`IyqakQJ$VRw-guS2i+Nu(iucp6 zql89UcBGHxK3W!?Prx^Xj*>T$e2Q@9*S2lg3D$eDHXfmoufQA(WNt`DcP-cJe1_QjfBV$;d4 zBohO%%$efd6&Ni@7y3pllUUYIScBIz0Ku9 z#}BgEd|h}GXj%B~x&Ro*LUH|*T4lgudw1C!S@#}+fVSSOcS-nCicJ1#;3@lIHdu-H z5OtEYJVVT3T`7V)jD=KM>G-5+@H~bYN)vqxl37-Ov&731FG~Tk#ghb=a!v{UXAg^m z7O5u#9$({0=SE}n@`^~DrRWi{%ipOf(CIvjC@^+izJU+a+j#8r~r)l2CF$qdw>t@#$?P)zoQNk%?>^X z1d_$rNJ6szS{4j>&IM9${#!0S9kYi=lZ*f9{fuK?A=Pbf*G5`rHbkOx`*zGg@k6yr zj_jT@&5+D49(`^o$x@F0*w3uG{ePN6G;)N8N009`otW^8QOAUKeqmu{$b)a+n=bMrmgjs&pzz~i(pc2wnwe@) zpr}g+Kj^>8$Knk9=5B=sd9?*#CD5DB+i-vRz7X7QPus#7`qL@PACd+3=MRhkK=5Kn<*r{Vj6^QK6{7*|8+pC zi^jkJC4=_H0(=fim)=*E5AlX(>T=b^5q66pdA?txigIfu|0gl~r{aA;3B$Eo?X>V8 
zz>8eU`|(h4i9SUEQG|C=df?MPK@wbVKgoW6^Nw@)A*69ygHrr^dAY;_lam^^IQa#H zb`PbGouG&6lVMP$Wnrjk5J~!5;NHol5g7#}{M>eLoN8#|~1YZ~LYz~#L^YcdEs-l+4Wtaw#~1oiPY7Op}K<`Slqvrs>W=(rhX zbPRr=e6Yz-G=oL#0Urx6k-t&8VK8Y5w@%w$D6J4}DspY|V}a_=2?ABOlj7 zt+XmQZhSgIijkAb&IA{0fM`isF07JQ(m5O8H8bPpc%Xz_THM4Q_-P3wNBQu#vSa8m zxQJuOW@j%J>)eB!1Nj>Ht_%!y=a@Xa7VLzAVJ>Zt36uYSgz0@s3G z>eVnrFF-~mqi?k~Tj6qQsaFX78OO&?6~-4eq|h0^;k&}LO>rH&)mb!EFLhrnBEP1q ze8w+({cATO2l|f2g8B1u<6r1coBrLeA#!a;oZhFI2hya1v-XrF&VLebB4l61s`%x% z0=Bg_XmmOpVjg!?Q73L>rdBSLQr#Uf=HL-oN7I=V)j7%WFRY%RRSKDFec zcEwYjUonDiX7YVsZiY5G9C{Jm%l$llSO(q*W%XkCRe0g(^J^arj7L+74SC<+D#p=q zyrXK+d|=&LqMYxIwNXz{VlAZ-;;+5yfzl$29UkO?>VZa~Bwj5-4oQpNa$ONU?;`5oM&w09T4`K`hL!^9jwOe0H1y{!`32bIEi zGd$>Z%v>IWeUB8aADtU-rj*hMBBE9No$^oXt2605^*q)7(oi(vvcFq5s6oP_vTkQz zs-bPPdKKqavee+UBRv!C%P+h?a0huqR)@<&9jw174a;s0OmLcO>)%0SPTO&4Z%mPw zlHhF2n~7pgaITi5w`lm8BCr5rs_wg80qLT;*lQT^pE1cGxv0(b?IUqf#l)p2MPV5C zbqVd)os2QrQ755p60CkMNy*0FAg`2GD;?XjrSH(^2IqevJ?7Saykn|77mGYW8n)by z5s-_@9IXj_%9zpm$|Rt7q6)7$Djavu_sLW~^%M*|TAEvgaC5c>&y|i4P??z%-k7Ih z0=_sU#4abXZ;x7=?ckSDDO%q=yK`CmPD;|$;~*Xl%YwLq>uxA(2DRGMF<33ie4Ms7 z6KLRr;};K$$D)Wy0Y zvbK!Vb(%4+melkaUFU7p!1{XQ-Z2h{sP{f~78+tJ-JsUer{AGYFEOc@#c zydkqrNAql|_s}u#pJ9Cg!0%UzpQ*9(I?q23x|gAy+#6kK47AnDWHy+x$fDk6o>G!Z=6OES&&4#xl?30e^m4ooA=z4t|p(W}i-p_=TH_J(8}~5V30% zx1>~b>PaHdoJH4-pZHJD=GPU^qw$V8o&xN9+(k^m^A#r) z!bL*jv^)<7i4~Gd_I>s~}#7!AI!}rQ=XGmcup699UsrlK|dkQyASr)xK zngWN!LNH(A-%DE6%SU1j&Od+%sRcR5yIqC{?B-lKv5~yBA@!*wi>F5c-ixbd{n{-{upCMS|c0;ukfSKw~V@if;)cwEe_+RRU^C~oxY)AO|&4Y6e*bJHmbw_XI z7RCQ~tKbg5oUzoWB+Eo;$!A$J5iq5|}8Y`Kj5OaX$lPKDG?L0f2nOs&| z8$KAgGN(thPo!VUOxS@Jc>`PQVyG`M~>8-OzN_zKYp%N*&>$0!pSlsE<^Z#Lec*e zI9O@oZyWer3wuUKXFOpe^`hRMlS*C8iPM?fwOo)pn)PY!MKkL2nU8934I0G_VjAu8 z;We&LI^f7+GS2}+J{P_J6A3g896eECR7r0;dTUJqO*b?cFQN)oG^pSF!$-Hz@LZ5Y z42pA`#u_|al3pI1jo-60EM$ z-=EgEzMXvOXI%5T)Sw)?uI_0wfo zP15~!TQ{H{-T0gTX^d@uCK7Yx=2&zS9%5#8miYAhsvVCQ)Q}XU6;hDer4b9f*^=a1 z!%{Ide@;K<_qb|k8i$KIP026le!O>^$_glY`EBNH4(bj(BhK-@#!Bq_0*Lh=Vb4l? 
zc}#uXslHRKg@M<{XHw`JR5*Rmfn~T4TztZP2m3 znQzWi+!Hv+9Cr^fXEsU47oLna|4wvIuz&oJH8vX8rk*=GcC!80t|MjspHTP1fp{Fgo!bJ%i13!y5pQb%y25#%fIggXMx;9jF^R0ATm&o zi{-J&q^4w_1J_wGE48-g+wdCP0@E!YV#D!^^IR^E%s<__E;)nVL*K(`X0-AD^$@<5 zT|+QdL66|X^}Ac+qZ(rt)EPJ*{1he?@8Q=esp2|q7lo7J89MY%79Jh0%K1^8=QyU+ zSS8L!C3y2A%kM%qaBcVTN?j8+rMR~B-s^G$ex&wAeI2;^5sz}wWJ=UMJ#W72Tk}GW zx7`u#AhKevUceVrruY55KTrA;f4MlgLG;-oqH08qSrf`}fbXkmnzFdqnv$(4l65MX zI2_!P6$KcCTY{yuijm-MW>Sn>RnR!paA#k(T%IG+^OboqX?)xHSZcY;B@*U%d15@@ z)7;tWn=-Gg?jgs_;MwS(eskY+PgIuW69^Z@Qv2?=+GD#597!+0M*$U1h>nu2kJP1+ zwH2iWo8-xlaI%+Oe+>*Ci|$@Gx2mNs#W}&w4)>}kyt5LA=8x#9x*Ju9s3?2*0vh!6 z4C)jrKKLK|{a|AV3qEAcQCjjyFU&pN{hK!JRl6+3m2rn~M)0%3&>+`|N`{o8ao$A~ zQ(rdYLsJFq3vR!+(n$_c&s1!L=NUVzhaChV^t%^kjbZZxeR7ptelM5kd(Q$w zi+U=wnbcWEz82)hc`=5y9RC7e7xpWM>1sN*z#@D!M>Y(b-APKC!-Ykg&B41ExF)^T9Py zS<9^llU((lR9OBc6*LZ}Mt%u&oc+9MH=B5%h?>+Cy+!T{Z#>5uAY7p@kFGm;0#*gp zLS;4JXNT=s)5kfjvT{2U>74SqPd;sW3r#ed;IWhff?r0W+V$meR4xExfk~~3kKul` zjtPlMDAr<;)iutql7_DU*Fj=W>pJuSb*qxEX!Uqlz`{@Fk`8Uii65cxwg!? zCzr0HqZ*}n?)RSJ_D^ll#;tVkRSGuWizTsp5+L_z>XmL?k{?(13(zk9ct1M48KZ|a z)cWb+i&OzFeXX<2hN^E7=JDl^o!N-nVVu9P*4mF!6E&+Tz4`zF7w?E6j5J22zFZ=n z1-99@SNk+ZfX(<>k-uN)i_I`_sKv?CQG~6u#)8g}J_0uBr$$j?QA1;nBd82iBYSP0yu9bU)-PB5F>mv`GxQ@~ib5O5`60i~n-kYJoD%(o zWUgt+jEd8dn_@T_vYx;}E{IrU4G3+k(();H#4)^dF)9Cb!~HgxtX)}`rl%KpEvLJZ zIiALKc`DU=keHXTj2o)otjYHdX0}=mGbYhxM_-5vCFStsM;5_I!3<(NablXjcm4+` zQESIuW$BIfxyD= zIYH19PPTMm=xRTZIX`?%gR)JPcpT*JJj

6?U3&&#s^6x9O_UlnvG4BqT5Q{oM># z#b?@$r9<8;8%e2hg#9|C&+V(L7`r#2reZDD77fbdYn}C?Y=0I{T~5s~MOL*l$BTHN z*1(StS={FPio|q?Pg|;4TVTLABXmItisqZY$=fdE>TRp3xtB#||Go4l2ot1eeLNvY zcmIYcjd8!s>b3rW3y;1QRKjU}8h`Z`j{3a&XVZIkIA*+pfLbVrX~fN7d8G67sY1av_xpjlglO)gRz9qF#vW?f1|BU z=q1nPVFC7OSjzySydfxE9&{e)$n@b@jlPYR^EoqAeW2plDzw~%l)A*A&yKsmM}B)) zaAOeR&zAnVle-bQoljn?q(NU_k^V6WENEAFLQrdG;Su81 z1{{-HBd7j@t(gDa0JHu0>I#fN%QZAo-qbYgW+w8O5l={w!^9Ie>A`#%);q`~{zWBh za;|}EjIls4BlTxr@%G)RILjpDKP;IgIyp14Z?Np-cFcP z^r8)V8!FtdW{f1yHjMAUfqVnjDf>b#A)w5g_E1}+W%|3Xs-4xrNZ9IxE@-8l{UvNl z{=u3k?`N0iQ+D@k$|TYTYTfjI5ll-ie01^e6(3?3Ixmb_JI%R`QE_#ap-x{v6%F4a zY7#o?{zEER9u2x_;I8ih%WY1Pev2w>z1Vq0KLf&)b^{lX-%;~+J?0lR8&B0h+t08c z_0>}qX#0T&S|b{TFsf$w1msKbOir+tVlT#@qtC?JdzVgvldVzzgF;V<5$@n^o@%E5 zn|!|~?I{~tEUMnSDOU!LS$u~O_+mPR9R4)6MHfO|2cecC55=OFSI{$xPP^zIkFS2i zP|^pK_GIe2c}Y-Dmj`8O(xs(-wo6!BANLoA@LG{4xw0r9FB#1{dA52u-JNSBj!2ZX z4=>LWn*eD_%&vMnUi~=!FFuMy8;bRJvnMb#m~ane0U^LrT>#lrBr5D5*hYbc0MxLu zN?8vc6$kvaiU#hF5f-qyuG_yQCLTw^>#IJYB62cSdLM~;+;ucME{&!RaIG)$zxPvC zR!-SV5?xAR^2dw)8W)$An)=%BZwiy`N-Gg3r)Y0<;CcPL9WZ(5IE-`OF|n`jn%aP- z_3e-8fOE`JlAQBu&1^WVn1~-Kq#YCxNFwb=Wxuv0P0i=pGKA%@>a`@YoSyL?P*%$D zpMTy^bZ==3H{sO@jGl>UtbWB~-#+U_MMD%y-+fp3(!(F~4m7`UjG|(#d7j@iEnB`q$rGDE^d2KN}*|>;Odh~ zh8}-LO=06qjvS7s2k4@_0-F~N$oI}hor&1HLVZIIiMT2*QAdINgytyoX4_a1nDRDj zKUpFX!(lw8?CDD7;N5C3e?~H1?}azX*|Y@R_86P3n8tFf)rqWOsh-s)<#CUBUHv!k zGSPb-a1;6(DdNLhgv?anns#NJ>ZqXcgzw9e6FionAr7uRTpF2Id5?TchKL<5Yg}cW zBYZ6jTjb)(Vo=Q-E0tH>PnNBW!oWn@a|H~c9FCP^?7{1PHH0?^Ir04TK`B{TRlRlxuC}U6;z_O>OJbH@0{|c(VOHLz6%p;f2#784&sEkR%oK zV;KLOqZ`)hbjHZS!LjIJR#LdHzXyEmR$!;oBFe&YEOh73n2wV>h=XfvXgg<*uiW>c z55Z(C7fH%@L!J72$LY<>R`;vwV|}^ZAMgIq(4pRCPQ>d)tIJ2`_BkmIf7P`JcY%{5 za4KVagRpG6l?u53WJ%m^V5#mE$bS8N=HU04b_WSbflqNW z{$lfi(mVI-!~`};vD}{(drJ2Rm$tW5ftM+PM{HZ^7LSj-ISs}w0T%&EuJ^-D1xDM3 z1NR*Eq(Xq7pM|f!96@3_PL7zU(g%Y4Rfncza{PfUygpL_t#%***tp>!OI4wWZ0c)5 z@VJF3Tas8{XFQpp!uh}<0_@ttHN!mU9tbtGppjiHpZPIBv)zawJ~pNt>reUBcIgq^ z`teDDq>zLz$lqRRsn~W*MKg=?NLi(N7Cnl*@YJN?OjG1%?*dz;Q_)vYZMhnn%bIsO 
zuwxwxxh0D$?=tBjmvAhPrxZ>m8{??_v|4lPL)jo-@Cw0PEaLsLkYD7mVhj!a?aBU^yV!0ag; zxc;Ls5Msn2;^9@02v~g6kY@7yi08KlJW4=>UQHjrRjK*{Lki5*`Szh?T1P8%Gz-k#zW6LkMj&tRO9HXtf-oC6V}4eampe$jZT%@tS|7R_}d`FF-i9t%GcZsQo2OlLL=+0cj7WD18oBj&h6j3AY%&24RbIieT3e!8*iWN!T@ zG0PEn;*9+ZKiz)Cj`q^x=@ZIM+*5yq8%kT&-Is#^KQKne_B6%l4w+L_R8&$2pU*5H z(54W1&cR(Ld)BVN5tT*Hpxue58Dh0;ZjH&8dzBI=&Byf`hqLys4Z2scyQZ?fQ~~D{ zB#ZAAIA4x;YJ-l?+jxBeo{40`5m}9L2F}MAbo4qFUyj8;O~gF&0zOFQ3_297KLO() z-Sd@Wmo!i7;!7FLD^L1%HBnM*w8eMk1x``jgYmNMw2cM}2=dhTF~^|-L#+QKO$Yd) z``eBeaQBG;Zz}a#=S4Ey&ZF>pk?%ZO@~ zo>Ie$#(ga9Z+!QeiIEYgQZRh;1FNYE;(vF}z*OWJo`1EXYnSZQb*_`vd-1#_X!@Q@ z=tV46Q%jNH{p8_-NQ*&;|Mz>aX0kTBaEj*tRAm-2edOf!UjcWKk<_PY8Q^ZY&I}B4< z`A^u{@VfgC^N$>lQ>A+;acL&s^wpNiWD(4;UCxXRSGZlM!9YkCKxHP%J+-G9wG~o9 z%J=XSs3Asbc=GqxNMr4&?_uzxb|Gwd)rlAR783z=1V5p+RwW1a9Gyu21gQm8sPSvW z*6tW}y7oWr6}@DjV7&#!>3U7WRkG03`9+?C-Yk5 zYRZbOCHTRDvWajF@vavBtwU0AU3h=oS0RmrR^4qGsV3^$v!JIB9DE7trITY~i>1@z zth5EIY%3&^bL!&eGBXwVcbMLn#VtnOQx`bvGaeSbpsaMcr{#OED!(rCvj~ED4Vhl$ z)-}}&?v*tR3H1Cp(~QIau7~HrPp%?%x4Q;`PRFMx+n^l@*LY?#G7kX|cnL(HlUb?~ z;aM0Ik%=mg7UZE{H4tx6!!amdkx>nO{hTF9J%qtSYO<#71&<>;zRZb zHK^@^UZk-|_FgK%p2RPd@6MUVLW9NC-?y9Gu*0i6VZ=Uw^{%z&)W^uj=gmmK`Arz$ zZ+ftfA<3LZdmlXr&cBPp%iPsx@()OZ*U*?1 zVvpp{&zCWcFPmiL zE=g>if;Sqofpq_Ljw(nqQOqf-UTZpVBBf`iQ*caIQ*0ZxM-+l3W5@sg57g^-2SOM= z4e=sp?MKa)kjItIePD~Y?Vr%XR`>basQ7}wX^U(8U;F!V$~uA<4(VM2Llxbjfqs4& zd9t@;M3ey&DI#cfogl2ETp`E4o|LI-AE&UKt>|Nkr)Jrz z<6?o86#DVstzLN^CFVv(JH$i^0g+5YMji(>Ox@;*KZSLFGNKLC8tHyI0E^LFaGG#> zWENC#?fSATB3$p6i0}82ltIDR+Bf|teI|_vQ*1v=YI_Vi4v2u!--yS{E;y69DBjCB z>8ItS{8pd4LCb$$StTJTajVEU&S+}Yz+4P>w@jkX;p?l4C*3rh>tzy_0be;azTh{V zv%tMfqF8oU9Up|@*(?>Nhvfdezn+XM{GvWGDNir_)ktvm_|UH64<=55;N0)J{k@!L z1sl_xks(OjTos>V;+@yV!0^jWu7cgmpQaiqu`2f7DL(jBZV?)lR)xi$x ze&)`xp(I!>v!uoW$cXGmh;<3MjcX&pMa192fKo;i4H)p5u%*WI#5>T!Ynh`G6h9WE z$#=*goc)X$eZy~Et~Oi&6N9u=t?)UPXX=)P8IWZ45agN5H8T zTJ%NiE40EUnETl^5#T>8!}%*V73L2d1=m0A0_M#w#$tOajb8@D*Mo-J9p!2>xajG0 z8n7KknWqNd=01L0;_0z!SSS03kMPb9^b5lnZO~5@k&DSnzFVrtMnA{RHnk;_98iuR 
zt3iRI#kjnCW6^?ZvW&)|3*4oN3VJbhn0Rt2VDJHI!cMEqk#E4TyZl}oW`XF4zkb3= z!@NNBt`W14-bV)sgBskA6zy{=eQLwj)w65on4h6NslTta&0OPhj8b1upTQy_Kgf!d z{LNAVcYbRpN_pw(OlCwFFx=D;9XxwRe&>%9X!S`tpKCJgiKkf6gn0H>zuhuprQ-C} z*8HOAo#{E2@ExW(bt-7B-U*&~@-jD=8Fr-88;*9UBS)vw>0)I6= z@JVuiHsN?cgICiJXohTy_`gMwAM@l$P#J^Tb;`heT5OwqUS2=t@k*Kk_A!8RlV3C0 zoWkR5xsPSrS_4Jsn+E(EU9>Sb)B~$?fgNx?Lnhy+8kA*{lJSx}oJj}ZqTe00_L#_b ziyl@*^T0DC*m%4Z0Qi$dMQN6gwWbln@vjWJlwQWKj`pA%1ThNJHT`?{Fsc&8k6#1N zPKRx0AqkM^0LkQw;B#sc$=agpg|}xB;cm4rpSfLaL;N(d$i8D)Cr$7jK7IB9m~Z|Q zEj6yiJ?63zARxE$8s}>~@b$6QZnAPj9)s@U zeY;qDKr6X`n7+WLskFis653wlk^9Lti9>K95ttTx9F&|D!%GoP}TrOmaE2! z7TW!+W$IJw!dzV%HXKj6(@xh!Rn1LW^>IlhCt{8Z3txfU(2?;!Q~BQ@$s72Gi-nw} zq}Jb+{E5bWc=hJhn71hQzucmUn&VX*b*=ZWWcWQKO5-z0m`Cc4UOVm|#e^A*dh0eh zqx9bhmW`zCh+12i)J5KSrtA~rZHU~*fEa1p6F?DMb*7!)zVT1~ud`+$;M+Vf!^S}?Vt5R0? zYxIa}Rm?E{2v<_Xe0_y$!8^a`Oon&C3HkdK^NYNJz?LvpMzEy^&;g3Z{v-wVgn8hEm5zr;p78rmUr39`CyS6stRdiUz z%Vkzr4B%-!r>^eybMl{+&E5Eh+M1Q=8`3jl2PwC&p z3DA(jR?PU5YcQe5%S@vB!Jp5E0Eh3d_rJzfD(Ck+N5@0N9N+k&It1qSXlm-^Nfe@` z7?FZIk^bpIgb~GlZg?67Y_*f~fmRCf9r_9E1CBG=E9R-cE8fa6C`yV|HoZ5?ZST-p za^uSKO^8tA`BS6SdmMap1(+J@uV_|dYU12tIbIGa;<0RQ>+dt3OWTz*^Z=|j2648b zpqvJPOth4%#^?N^+p)K8yh5p(a+yu%rs4Zfz3Dge@haOfkQ-MrsTU#DB#Ba$NdL~% zb}ate7kIwIag>Ze1ro-Y z4Q$DRhQun^n<0PaDrinU*Uql>$p8mP!tX*N0a5i>N{VgGwHgE7o*`okXpbT07ENd9 zX`TKg?3obpF6p zC@i&M*{&)6jq;3k(01x(nZJn6fpz~h)&gjGH({;ZcZpP4IX+{U2`>}lIEYKTh`=G| zR!&sjd?`-^mdyj{e6V*ilFc8p;3HHPC(^JXsxv1bJ3mkSQrNzT?;weOi9oL)`Ss14 z3{bMOWMp*lk&PR^M|01|O;@RNVi?p>54#yk$T6?XMPX#431^oEps#_P zE7T^x^f;<1$i$Z){WL_?^;0RwrCQU)Y+vtO_;h(giIHeYlV+jK#-Os4d<3sulnn%H zbV!s;QkJ5L6ZU91=+x(RJk9bNxqqXOVLe2>iokBu;^ArG4Y_j45e|q|JATVlrA|Rz zHcfd(Y;iz(QMvr#kMW%$FBFi$?{zv~>XMSc_;%vt8vpHj664z`ok5Io{3AF=i~l<| zvr-cw0W~kT*>S5D2R@#)+j+k|$q>}d6rYwN>o1BIs3G#ZTxx8{EK=)Gcj#;zCPQ9F!wZtE^h(Myk}PCL3h+7nxWJ_K zGpJKAGB2Lyb0`5ftyd^Q=kYB$LZyu5Dqo1#Ks;qO&3ts#nCvygR>`<;KWiDd5VldU zuo(tgl-EgP4s&a07SG7djfh~(fIz5%X= 
zs~lyNpPRN%)FA2FnOIfWdL^aJBF*UqXffCEC@u_oa@G|m1#V(1FEk`vKfoQXr2h_#Rg#nNGdm^nx`@04zlzib%3#Lh z-Jr$m4$-rj%2ra?*#2g!#fQeib5`34OS3(Bs$ZfRm-zw`s+>ZOUxJ4k(;iDPk1}%T z4~yP0y#%;d^tC$l($^?2G)ups@{4AQ1?|f>;rMr5DO_|M z^4{rn-Xeoa_cseDK9fWq_IpeyR|eK^yJPO$ddhEajV=PiJ}Z*>fcV{=~<ZLoTp2PX*UfmeGE z#&zN3@IeT^2-X83Lf>kQVn;2jpyX75)mjmMhrvp6wNSx(EmLDoJaJg1sgO-|Zcf6y zu$Vs7wL6avrC~8MQ3u!elFcxld+llJEpC=4|9tOBY!XH6uVE`yAm4Oc`A^@Yypp@7 z-K6|~jzJ-AbW0NJre8=A?Tf7;_|1a9o`)7yT-1?&JR)ftQ8lrDzE(^m$)Sl`$Upy9 zHou4=A1=ldkeBy)D)dc*W>fhGzx@IzV51DQ4{NX!nXXYWI2NmFKyg~CGA_5B@VN=e zcdf#nPA7;)ny}C8P1l zET*CmL(Di3y>bD+oCoEM9Dxfl4$Zc4z@Ho+@Tm>zc=}a@XUYcV05xBozT-EA&a|&Q zdnmms{Gf+NmNW*@x?ZuzALNJRGHJOui9e6M(keVSoSi(iwJ5RwrB_%E(tH=MvXETR zDc9kIftVmW;SElMR3~j04-GnOzwv)-qGvm91tTtfbumNsy=1HrhgxL58OK{tyZ9U1 zzhAp72%@3;mcO!@mN<8kmBrq#o?p-q-mlI`H{&002I0O&1#x=0K?oLmA27mEt#k zZ+MG?Fdn{ z0I6#U#+bppG~$CiL&mwY?@OCdO*5A(Zr0ONw6sSKZY9&7^&Enr-mwrWU-^N{96H;- zGhwwWJAsxFR6Po}J|?&2fiWVRF!KQWLbcPkZ1cDj=Sq6I9$xFza%>Kc7RKMU2F@*C zOhs>=zmv$SuI+Rj>-etjf59(cr3seFb4qanu+p#24#(Ib9s67TUHXO}*C+(Syo zdo{~o{W7v%cLULXh6n@cP%?p=#zJ0pv$@5iFTG(V6`$CC;tMsy>lcw`UlW&yFQF2F zi=SL!Q3WDREV>`D&p69a?Z!vrI%*2|uW4i=ZFaKi8&g7_!0vNgqVnn&-bzy));SH% zS_RxKRURKorf$j&`jLaKpX~tW*$uodpE9q}h4zx40l@4}-3MXvsb!?>h~S<`Kd+*p zGk}*rw6 zMJ#EfpVAx^DfXvS`AN}2O30H1&IVq`ASdcU;CYb{BIo_Aw-k-n9@!6s1KDLUHi*B~ z(Vj~JwRz>_Mry7x`8Xa(9oXzf90P(L;LUNKj`eH9h7;p-*7XxHm(xm=V7`?UXwK{BW*|5jmTPLp&zmQu>Li4Aq1b3EQ5G<+b?#nf1QA` z$vR=e2@jq620b**KL1|L&7F@rXzvhy2?loCpU;_Kc|frY!UOMqKfAu-3z*axQ^9Sh z7)J6}k8Q+x*(Rn2-CXx6EG@@X->J0*opDz2qljtJ{=nWj^Tv+6dAdo>5P4k&R3 z0NTkPn>4|a(;Pl_RKm2n0(Hxhs1_ObpEBr+Z3P*9RQXBMB;e zzSHRaF)EI!thDrOW{-o3Gu{)~y4tp5p znVs&guC78)q{!k>r?+4jIm~bz3(zK8jHsBoO01Ve_zmk_JmhK4O{XSu=UdC87n?CD zclNx+Vce#*uY9YJV%WhWJD$TQo#19N_tlpwWVu|Gy=7Y9v$gLjLGS=nNKj4Gf50sr z8s}GECs}HJZV`A3l-z#Z!rnF53DR5ADPHh7tTAuP-MTL){YBrSGKRv634|s-bDz?2 zaBxYP0@E(8LjpVUMV32!!&W^PUf5!`rRk)wsE=ae;;K?*xI@rBP+!r~hD`f-g7JQO z>Q))BU^O!#swB{0h)L&oK?FP@>HBnIVo(6ry7*_Ji*FvOWFy1{*XZ$vhEBjB6qDpA 
zOGw@N$KAKw)O?i=GOUdhg!+Nq&s+STl>IHC%+!zel{1jvVb_1BMfF9c@{}m^Fk2lU z&fKyK2K8VhH|>AZa|Jogm9q|Xd=)^QeAA59W7yQ&{JmeRY`t^bYYZ&cbUG0l`5)Lg ztID+h=3q`MY*&H)r1lQ%j4&Mqo^yPG>FyGAw{9NG>NKE_8%t4WPu#uqZ03?(@DX(Q zEGD2Ya*5q?Yy?H-#^cpy6{I6EhEghZ*!>h2{anV09v8HfcJ~(e-pAn6o-Hc0C-WQz zs3R|tv4c|G_3%eLvaKaZM&^osR-W1}m+`f!QUPtmnB8K>x)EdIfuE1=H)hU9ivM`J zoWv(4yOk1yzr@h2+fOOW8MX8)j?ep~FY=psSsk`m>3>}Fk=2i^FAp7CkJz|mB z@YbJdGIuvW^p5T`L(Y3+RRPaXkU_0>j_;Wz(}M7zs*qxArk|ZW>O!fE3dMy6R2x&u zVr>guQS(V5yG3a~3#tNx7T6#Y5SPsP`JJhzCf&ruEGBnBo#o91s0=mjpwS-n*H@{$ z-G61VfNsh)fF?i|xyoy|93S$hSBcg%TiW7KvSl)naDRWK;jLQHZ}lc48G z@1LXZA2Z!%swQoUD*au)kqYV)j-Mt{8@jztuZ*H*&D+%Dlrpo{K~alSS6hp#3VSXy z_43(rzE72Gi>)BFKRucs=V;}3D$_G}dUb?~N(3|XTMHz;evUcj7|`K9F;dOcay~tY z&$!M#si%DIFV{ZEWv|fuBbkjh3-86dBuPTO!OM)5WU^%7a``PcKGoz+{><}6M_`|O zP+r$6gN9agJ<#EEw8{GDf}Jh{?ss2V!at3GgueFfJIA+&IG-2W{ZXhMCf(z(T2(@~ z6vAj(NmglyvWU#U;Bd7WmCKiZCx<2F4DBCEih`m=ZZ5X}@h{RVEe@`7O;791l6)H*HWwC*>BKrt z6g@Ya2X~;Igb|tb=N#eNKBvciorO<^oeVT`7^!j;-io~7Fo78S7Y8;c(JA`4cUi2C zV;@+AP!#7{t=m3dI)zVV)&Fa{biGOkFc96_eDiZ^Q(Le*nV~U|JzkDpU9rCft>wP_ zt`*|{S5)0Uo?f(@kM%Zvs;S(?s|r>f+at11(JdVw-}`u5fmnl*{%XHuu(>BiTe^fZ zPQ|57$D_9|)?T#sIB8+|UJi?Tln?)Bi4LpM^^MNyoFJX~HE%3XH$|`vi7hMhhl|qh zoX9Mw1B?)$u)OkqV(i53+;^#mPrsb+-L&6Ejx{-T9c6CrJ@u>HtxA@>YAlWAa5-;(*csMw`g;~CP zAAaQiS{63EGlFBOJg_4t9PWI3EAOD2Qm_*Tr|>PJo>GkPq|h};~sVT{ngJAYEBRM^!&lx z2Z|AbuBvi_v0jKwGR&s83!83P#7u5 zi>szkJ|iP@H-?{Z#JICn%B8k$w{;yVs?kCOXb*b!sXu}t64H$Ar}%?tt(;rDussU! 
z!F=22gb#)`tb4*GlCUuslC`uX(oh`&bB(+dF)X?OTvJa*p--vlp3$kSe|YU{afl+| z9y&Hr>Byq~zFim7RNKMFej)>0dpv)SEkrgPP^A1!3l7wtH9`^ko~=NM&8`o_d>u)b zqbN>pK$D1M^gwZ)_UCFCT&)RoOS29_OY;Kt-db+~Qs}#?f(Jpp^4|2$slE)JHM;2I zH7WyQ=Gl^3h~GTM3q7*7HS|*iEE~-kfy|F>9dHPB)~YGbtDwh;H^GyY<}N8+UegkOEb_EXJQ^C}v$N^a!IxR=ed8~GApTAF z?jr&5w;z9~;Ylz`5Cj4Uv5P0PCRXqv!R9A&+X3?sNU1uQ_Q&yXG zqIs)gNp(p%5s0Tb!>&CzIV?@nFD<3lTK#!<>*=-GpPJlGP4e}Tfjxf3{~6VDXNqAb za~%>(O9!0}n`ix%R;y&JwYf-?X>sMqhxzsH2&=H}}f2CB5xO8H1}WN0qxE(Bl+v`Gad z`$9T)OBjZ3t}4D0A6yjZiU-y5JZ9?Zl+$Nmiros1b>b9KvKuD*FxP<^`Eh}gwx zr_5YB78FAv*!q{G>E+QkJodQ~w7S14QVRQ|n@^_WlmxGc1LHvWK%&9yfN)>@UCV^b z%z`gN(fD{fwiL~2Qk;9d<`8Yqx0j;Y&vT#CXvi73yJe^PoC+h(_nY2VRXExJSqNYS zEN#T2hHOV%YTkER*>msUUF-g^QN-Z$FQxR$~b zkVK~>s?Oa4lD?wJ^DL~h9qNm`t>xnW0yM1^ir%?DC{X*X2lpP1M>)Ff{-RgSrZu`l zPV3k5?=MHAh1wj_;&%~W(q8Xp>!f_KR_W;InAJZb-Q3)`iL3$Mm~#wo?u4$U+w_1I zF0|-CdQtrbn7v>`1)4O5pr7|^h9IUgCYSx}d&a~}cvndnflwQ3aTHAba(L9Wki&_* ztS|GQP-x|LQRY>zMXXH!sxpUREvN1F=7x>WC5}Swo?MX$v;?HYj;99mdy~{l3~=UHdcSg z0=LU%`XDf*ka@C){b}t*u?4k4wm&G476s*Mr%umT5s1UPlJ{k0I#_@UH$ZL2M`P4vP%8Hx!}$(19GuRMWePmCZG-Py9iec$gGQ{mrV)* zGUZ)SHIms!aD&_cQksqJR>Z~jFKbc)`sXY&OXaokBiV*t^LcLjwCiG4^03B|CyrSl z(pK6hMfu10C2Ci`9|CB<_v^XgP*m2x+Conm$180YCZkDQ))(dY=Uu2($ti{QNJyJD z=wzQ_#{J|0w~)-4N4^WD%%%zDE84$BnzKP8-h;0m!e{y}+yaOQWEQ4OM!PdE$K$yta+@NAazW$Dz97AOk0lK=Q(O#ZKL@oPB%>D z&wyP!m$hO_9|O&XDmww~J|RK-0Ac{;-2#)tb+Vm*_RhSg0p)KUg0B;bUC>9oGyJY+ zHZJPcZ!bY>w>gz?nBwiR9*Qb+CS+y@GWx%mL+0FkU?NXdFiw9p?9+m04YF!^n5xEJR}J%f7L&)( z9A~r*2^OEpH^!f4i2j+c$Mqxaa2$8Fy=u1PGUt9&t%Uw2_sWH<;k|L2>1AqSCbQmO zZBSkD?k9dWjx!9MKM>`U(Gy$Q1B%4Xf||5f6=SXOdQPK`GV_tNUre^KVYVz>6G^*Y zW3>b$FlU$K`hQG|p)6mXd?d z6EI~5E#zN${vBrxdLRt5?5&cDN(u}6V`*FMhH>-$x!P#aK4~0p7#9x?nOIywnu;#W zlM&2wr2pyfg%PM2IIrFMKb7uXs8o5<__%7ikbC7blvSGSIw9hoS=%;93^>0ISzKb`Nt;_9^)63u@o}*?pGT-a1>60qYaEo8_^BnJE<-aPqym9j zY+0_gd0w5=O)#f@boy@7mirgk8Rds?e>2X>32|AtU9(LR;I|!UG71TI>b;;)v4&z- zayDDe+;PEGJLgDQba@lJW&utrs~z+zamrKdVodh+ebMACldc?yLnwgERoJG?s0orr 
zmhs*Ssh`KxWbvPmuC19E8wm&r8733K&;}JKvA1iR_&r*}%UfrEN#W8e$@OcgFsPHY z8cWOH3jirm{Dem(IN*UAaSgZ#ww`5<^U8Ox`8~|Jowl^Gn*9ruj}k|S zV;yNQy#Iwy=+9k|)t!r=nn<4$d>~s|bOM|vXHSDO(`{w=BX(Ka9H$3fLXJZ@zi}2} zaVW92L=+GrK{yKsTPglVeec=X)x5mCZhUlflJ6b{NE{hmWuPfqX>l?A^S5%Prz4;o&u;ze9HeVUm6tIt34sNEr&IBoUh#6%jg z*UPwF{?5l3yVWKQ2|Suds2$$$(cI5nsFBw~11Owp`uD$>1C2V_N?jRur$(Z870?3& zJwnwu93xg@^U38P_7rv>YN^+lQa{_{%pGmeMkYXfF0NDtPUnePBj1Y4{E6e`U2$(c zw&&RM=GE5}$K~1;5eA@1@YtAg^UK|eds*%-bQff$qN*9wb8p-juif${l{$?8p}1`gT`u^mV)@Avd*XKiu(7Fi(;~J5PX|%Tjq$oWaLm z@1rG&-DrL9l?mgfUs_NNSz>A0j4((zZarJV+tah>gRHH;EE1T|qlJUo=l zE&DW6d?-4~vGX`vrnMV_tNI;kXCrAfp2c)}dg?Mr<_?`W5iLiJK`n1mbo4XdL8fS43$LR;;Q3oipxfpCIDbetJ8lP%;7C&P#E}?_+1A%x6lhVTR zQp+JuXa^M+P^zREP!K@BkqV$T@9zT;b(2ovn|-xOvVsluP=0%dNZR9>W-hz7$9e;d z(yQa#yR7>CTLn6)gzuK_vfA+bx2@>$x5f$I916B?soeW2IRXtUr*z`Pob`_p3^|Os z4}A9F3|b@BTd6O;05lHarKVrljab07vU+C^<*Y z8dy~69{D?8+Mn;n*I8(GKt0O=;r7=x2)dDNJm>hI>}_F>u?qZnE-#&1ETu@jNtLl5 zQ`6EYf0i!{t-oEeE6D2GZ@XXbcRow4c{|pSC;s{@Wyt^cO2kqC58TZk7Kqx?(y|k4 z`mBrZv6tEB8ldwbR8;uc+(fwHBzQPFSONzL?k=TbEbT6g)l$0o5|Zf5<i|Hd3k?dl{~$%&Hc2^(?{G1wj9lup6Fecu+?@hW?CFcp1azLsv6q+W2n94U}KZu zzUE62-7i^@$jfM*<6JKMut5WE_nK;uTk~*@&*HiFP*9eie9geGr{r}pSW5WsJkTTr zkSMZtD*$ZQNWIj*DYsTj`rV~20Gy7xIy~;*&q#u=pHZ)O+FU0Rpf(QL1gt)YzEAjz z9^k75By~L0J8OWIiQ4P^C(pBHLONDf9q3#V-zSGPM#uKshE?zN+&Q?DJBq(lB=Prr z;f5jo7xueiXmbbyNX#HnHTQ63TdavN6)p`w+IYe zp-wgOq65t3!4!I*HB&sjxJ>oureLP9B`&OcD6uu4C|XwgUCo%nxbY7C1o%P0BV@~; z4(+FMC>X;Z4B-9u8_8%cu$y9OHB#VyMehu1fA}C+UyK)+0*&VXcLP!bZsXrISJ)~1 zcR67z1yqQ05PcV@D;{bW1I4EjwlT2$Jhs%784h0|QjoZlN;x=fT$gbQ1Pzb=iJ$Pl z^r}WD96DJ-3|#sY{5Ix1a;03E0f)e3LZ5=Cz)nCgK0KWA<@Oj~-}o)rwy>>2J67<> z$p9)EBybeoyHh*LmaxmBJ3{e#K`3zER=1O+r3&{{uMPnWLFX2E08lZj509_+4jR|O zwFc+yoze!(u|I$OP?o^DpP8OXLVp?>cHPW%6_s?TnyJb5UR#<*^kMr%#_gjm$b{9Rl=x7jc{ty3N%?YHK5q_Oq$p+!x5+*|P;a#{)tzog)T( z=OQCf(mBj}O82^L`Jm1}w=wT@WDFPoS5QE2dU+TEdGv^$Gks{-h6Zj=WGpx=+Q~jv zrW_#goe>s%FWd8Znf30`grBUc$StkFOTE_4GpZ=P``<6QFj={8N2(P}v!xYthN$ZV z5EXoUmG3)A7R@h%os$4ui;AJV5LMeMRFoyx~) 
z^pUUl`1l{me)y$rixgMPKR;HXb`!j05p7T-q7h%eK6Xjf+AX1wP0&}X!MP_P(*UPI z&bZ=W35gt1=f3<}E0tfhdX7DaQC1Q2w$=;xv{mT9C!3kGc@lfEhPMAw0cZ*EKU7HI zoy!e6LgDYh60tUOk#VBu(gl9^p{*7^g&VHE6aBcMyMH$%m{z=t3#mveQq5?=b9Y4G zD(&>)#!jj4)LD}i#$?}3#W70FO-)hdzOCYaUgQ5Vg2!R#{BHa?dPXf78mxXeaHi$E z!E+~bOl|+DQs#MUeNIf3H!-P%DG+eAQt&nmyYn6H-&fMrEzY<}PEk!VAj0*nR_x}= zcH6p4_{JA$raQ!C@(`($l6t6LS64e5;<#L2h9tk4i146PBfLVnu_Y{*$vCpONK|Ir zi0vAc{Je@b^!celxtZ5Cla5Y+e1qM7(WNbW?GYTD^l|C~q>Hl~UUeGRoR)LGV6cFq zNS6c>RzYRZIyIiUD`yy%edf@f4-EUdh(W`CHck|}eB~bTAo#vCzvA@k1xefC;Um|> z9hWm5HMND>+gF(%e8I2Q;Ln$nPEh}@H!P6sK01NB5k2=SS$pSKp8IU$V-ePH;~361 zF%yauimC+~AGRl__2d*#V64ON(={fIz?ld7D~g^c~+!;#C<&uL<+jz^>r2i|QmkJSY80KNtf!f9!rApdj8o#lyp zyosUKl6I8{YMPzZw(MCH9jzPd1{XD{4V06DBdq+MX<)hRm+|abaP9ZN-TEn+!ex>R ziy!~u?vsa6m^L%8zs zPj2!vclWS?z$+u+MS7M%XI9|q45XWeU9AluE&(FkpkBeArodC*FhJQLCii&r6%CNu z56$ME|B6bfNRx|3DEhGr!+r7N6A1S@JUEWLdlqc`w_zLePrso$CFg?;PTwLjLGqV= z0HTS%v5!86#6FCvQk&7;cr|D2dpMoT890Kxn3q#V?3;cti2NBHYt=x+QSL|WBh|mO zpvN!}lU$0J(1KxDM-E@XF8Z2_$m|xjkjRhY!W85q{*asrO(jr|0oWrzF%@PM=OzY( zytGV;$#!bIXMG%Ti|%^0TgU5L^C~w2x|ol#XnYd55)AP9QD}@0oL!L{eY9uXxhLut zT)Sac8Zi#P9c*dBMiXO`o0kZ!hs#k%dYi*Q9=NO&u96y zG(|dwy60?BB&3_aP;@xqY~M& zjta_RSVap@TxR;1a}gu=ap)~#N1>XheK2OVPvV?cj_T({#DM7Azr>qVq!_^hpvxtt|o%n zjEFodNm1>A!Y()XjCM;5bD~9IN$JElO~}ft9jU&gK$o==Sf$v;x0jx2Xkz}QofT&-%t!a$ope{&k+T-d zR(4Jcx!b?SxyEH|O0N79MIgHWKC+R1O2o?D9fpV+@Unftwh!tP3PQAT{zcUY8t7@} znb^+IQjUpHnO>X)g^i{E>WZ-X_Oq#!9a0*AOtHjtCjn^qD8uUpO@IT{@L=t$|5A!p zrY!(R(>o?_)m;XSuf!MYCQHZ+ z2o)bBHFt1;;Secf#XLP;1@=5}eQ@8;#-V(VbejoSA4As1TYed$slBT1?Mu$Bx^~A7 zkib|b1)=~oZO}*y#xV!Oe-v!cg}al@`(Y6_?$KaNAP?Z94Hq1yTNhR}%%}5rqXJ9; z;K=QnJ9<^^Ny!K|kUk}FENs8tF-T>IHUJ{EyCl|4wAU|fEZ2?M@QP(#nuoI>E5U#o zF9A1nRb{xpikp^6vcQV8lv#MXE%@~385sfj#xC;1zYAbQNoq!Pu{pYSK2ReIEeR3h z8kLYWxfdgws#%~0=_i_XFRVG_Yf7(tKqqJP$lb`#^Py(z2_63&-+T`;#z_7pD%r7Z zK}|X8t-m8Wb63+!RYQ#(kGwvUmU&2+;$s0YB%%ENyU7bXWT1NQzp0%8n8kkZqHT7? 
zMlc;-bv{O<9p#dT+ti(CAc-#NNvVLF%=J}PvB%4M$!>Zhmwn^=k)l*1Mrh|czngjJ zd(GMC!O!w?&0>{oYO+Ap)2MxJOiSMNk+I6X4DaeFmje_q~A7-zm!T;D$a$84nRHHjvuzbvXLFh|40V3%uSYu^U;_up!wU!S1em+%(=k4Z0w~BCjNG#yG>Q>zqiTHlftUatv}I)RG6wbV zr!nioH?cR3jh!BEFd)(g1`;E(i+A|8FII$U?+IwBhBS03X!-y&E}I5w7K{p%mDc~d zk5WnycE4-5VR8}8_;HC<-L*FFE4mI~&vb0p8Hy*)4#?0(>rx$8U{JtWtT-#lnHE5U zk*1}LJNfWt9;X1vOAu$vFIW6H@m|V@Bk;uYQpP@PgAU;;KN`kEjOqJUd-!7urysw? zL9g?5iP#_P2t-O5%kUTJdi-EM#7SL><((#vj%)9A+}lNJz|LxyIJPuh5a$iKUlUr} zO~OsbeNNM3Wv{1?4i5V(0+p%B!p_esU4wgJ2xBaVX)LNMRKZ!oM1kV1smbhU>ArQn z>_lXd!RD*^7+ZiW#a^!4FddG#i5Nt)fhECyCgoIYiV}!gDC>!T!6v~~6{w-RHWAfo z6wUXI0wzr);oBsIo*ek;aqRTwD+u_Uw4DsW=8qra2< zIj+HggNowIM3-chLIPGUWmL5~N8oZa@l5?2nom3(2ldL_GD=phh^Gy@B?mbLy(A$&Pu+Wp8@4SA={a$9#S?hW- zd3|p~6rf_LmX^$?npP#34IK)}y-@g29s)ow>Wg&%i#879Yu~4p>F1l7X{UbtEjCts zU;vZvgV``3z-c=e<1WXt}g(P z?`VpG=w6QV^JOjRbr0$vUA3oK38AB)EcNV9-^#YQqC z{{@gerV928nCuaIQK*fBjyAzsTxMYPrHtjWmwgvl!TjO#lt5RDVHE@y>|DlSx zmk=pHFX>xO z;%Kxzo1bqTF~v>G6HVXt-ga=RmEhqYul5Y1uoT$y_B>OKeDa_78r_xb?X!(sF5#~p zaMhTIyzaB_YdFsHuhzVyYDDK?njuFMLjy6aS3ObJczMlcP20Vfibd$RuqnSscjFn}pQg1_#n&&@UMGye_;< z?M#x$IxnkAZ8`UmL(u(|u=;lYR!9Uk8~s@|lAz|Rs4LFNV5s@HvX0W3a?Kz>FyhB1 zF3p~F{YC6K->u^=!y|9fI?J<|b|Qn0R}2yl8t~&6H=r6jO~}8&1W4nHU54y@v^##g z<2QixvyX7qPhsv^Zl!isblFIY-9P6=-p^7F3|?ZiJyk;QL1(|EgHc3+wtY;0EX*#v zKog8Escq9Y=39WgFCfU0Na`+vK~V%S_mP8_SM0T>5XMdC`Q_XO_yB{Z`q8tw&~Fp< z00E7BF&_>v!83ap%8oyn2Ef{Z@1o+!aC$oZ;0M3c0w?bF0*lGWl7fmg_)uKKICw>$ z3=ApKkOkC7ajrqu-%M%&(hQ6k-0F5>O?c7m+_Kus-v~F zO$dY-|3hKol>)3>o?Tl-rjci`Aw1aCv-6dSVHAGK24$6JY{O6wxr_yT0@Z+t4>?c` z5C5VLzxKYt{?R9JcvGb|=ORnxwe;7Wv(`6CLL;YGn4g*z3Ni?vj%Jx3@*WF|t$wwk z0&ZhSI;q(^9wLogroQPXGRuvNo!dRmRh=h{jG(~VMW|yOu*mRaXJ;36GY#ox142QB zk*fyQIrO+n8&v@K@G+>kRSXBoSbP|VLk2OIlL}&1ZQ><<=3aQp9Oj5Y z%JYa`D48~_ez8~D%GB(yyYEsK2wjTAU8-ox*GPWzJtyPnyB&!1Hb4M8#bOZ#hn)5n zy*RO>VZFRAtOZuqq+9j74KV%U0f>Vg-4v1_${!5C=iSdLc)>NIg(2dY1E#r&+ zmSD8nr~$)vX&{HdB`Ph9y{R}#ic|1ymze^<4kMV~Nx0@x>N2O3fbzW_0c3;vK~ujrKU*mR_L++vRp`-&oc* 
z{FR6Rqm@r4ADZ?@_C$RQ`wtT4&_tf(kEiNwZS}^s`ziH$eSqt7t-?In`NuE)C3J00iD2hIS z1pru3hl3}~BFRSe@TNs}mFJExGr#mZkFWv?><+u*#9r!R2e&$ZgBuh9(OX^O&UUj# zEv*~j7<6U8m(*_rOLX!dTgk|>TP!WanQ3lznY%yeEcjg3)iyX}Ygc`si6BA@Oo7*+ zX=j19Cldn@QoHhW1AZM8onxH2uFlp+&E!ubhM^D#zefYm&IQ?LzyY@9z>)X>95~T( z?K+-6g_l!-yq6J@OC@k{YH28U1F&>CCxjBgB*o1N>N^IhyH8yloStSd{7BGmVALb9 z!3W%kM9I^g8n(;p0n?xYFhlmC@2=(u@qiH<0Ely5dXnj&1S=v$w#<{PuLgrFh23WBN6q@Hez|w z&VLt>!SKju1kYV%8KMTLGo}5IqI_cm%-l7ur~Cm&K{&{{X^dx3EpcsL5fQ2hDb=em zW6i;Ai-BHt-1)VdPm~uw6v&Ug0k1)h?R0+i6sX{e>#p~o&iF4M_p^^~(YpE9ygX><`)ctYHr|>f{_$hb^VzufPTnKx4r|)B zv1kA8y9X-R0BD$dE$mQ2-Mn`@{hgbLjEl0fz%fNLDX_cKd^J|bKD6T4S)!~qx1(rK zy@Aeq{?oWsm968zM|v&z4JMf{ItUQiO^@Vf1$7nbzhM3#U;x&z;|3m zg7r@1nJ5HP)o&zcA$|kNzP@KHUgLGl=L-pp>buAsP_~K&D>Uo=0l8Z2{s$83Bcrhc zU*!|$n)jmgqRx*b4v-`sN4}V1WlT@ORT5QqX&PIwdx&2tp$GU5IAi zHJm=22AoU9X!YT<;`m)HmU_@jHTs>Jcz;sB6$Jm?%Z2c9t#Lzt&2-@e6!yGi1M2i} zMi4RHnWPQ$1GGKzrH?7n-es&fi!juR<92_Tx~U?_%fs+{?+hTPQxj$K3&P4`5ZW4W z?JJ2>^duSC@2X%W38YjOix%c5?#4|hQFaC(b!)x{OSb3Zm9^oPQpKINUXo%4aGHsc z8gdO7AoJF;8@RZ;7WR$@30bh z`_fKC0m?7noE!V#TF~I5J2hz==H8cnDpQtFll{z}MBrM?g#tvNh=)p=+w-cKsl2e2 zknrdJMIz0d1_Z~d>s*_1t!WiLBJpQ5hoC(6l9X(#yoFu+=M>(yF{j`uY*8!;Z zU~6N`EP0!W)$|Zr<^O^VH>eXdDWEjIFti*`q3qAdZi3g&CM(*es$J({cjd&I4T7&0 zZrnezxA$&+ofJ#0n0)QB@8}vpPr3taz9Qc>g$v-;(>2XqJlBmQ0Yo!paRSnqm%}_-C9$<28vIa`C}I+-&T%`O=TXIQ0#T ziY7T33r6*X+UB_eoOA;>ONCB(B7!6I=ZxJI2&or5FU;tir)ihMJ3e%Es5_S+lO~R+ zvBO+BonV|ED?IlKr&yM{z5{U88j(vn4|ZP1K5VGrhYfjIm<>_WB_%5$juyn^f2CgT z{j@LqM6pLY0foOpl4)iJG^%9uFZkLmg#Mov07}{+865E!8axl-=cJ+8U-02agYQ3r z`SuYQKZOmiQFav~qPYv{3%`uPx(d>dN1WD)AXGBSc{~^ZTia!t~bj8@0c1#$EBxlqfSwVOD-qK+#qP zTD;5qIF2i9Lt;V?1hDjsndw_^4L%WX3qJ5XW@mC`jUw04H~A`T8@82RVoA^MszD+gEEcB6pO(W)JtAy! 
z_x%2Vg9NctgkLh(lYmK<-nR!V0hgah0ESJE@lkjv9g{(nL`L@!FQ3ynC|Fq$bLsam z13b&&iB6E=eJO4G1Bi{|gsDd_Q-NZo`qB`)Fk(}ZAm9^ASK zpzL35qf(algZs{`10n!{@426)((%C!(_Iz)0P!zBI{89)&V3&((buM62+B!-jQVjv zie+_o;&Dqb=PnW4>E>^{mlJE=Avmd_C#M)&zzwAOJC`MaG?M3d7?*puqIe*vQVLew zfdR(2&_%+8!}3@7-9n@=j8(gwlLJ<9Y|_sWrk&Q%89tdBC?qL0DKLUCOp?a0X^7c# z(r~jmNIQaH6IPcESNeXkV&DJGTVZc3Jyw0l;B#@Eu|%eGmwZ4KA@g0F=v`ZuGXz;` z&j>LZ@RdtrWZ*a^`Azh--e)iC6GyTV(b_(k!Ttgd|I|-<-mtk`*EeETtelY|kj^E4 zA|%N*>DoM3kuiD0DX&ks!#;h`_4G8`Bi5XkD5TkM_A_GMY^5XxK0e*&fk8h*zQ*A_ z)?fN#jmidauNl=btcJ@@v5&h#K8P0`;HTm^`@tQ?g-y?_V;h|PoGd(c_Hk3{!%qra z-m>X8celq6Ju95MIi82U>EBb?W{UB8tH{g}I588o^LxIZd0()mdoRn;(cc8~go`S2 zZ_^3&v-~>!TkGJPSYgmxD z0f`1O$xX)ouBDQhU&`z}zY@#NVW{bHA&RtU2=dOA&KIutlk5@d55?Me!+Z0p26~vg zShdjnGdXA#%|L5`@znlwE8=nlI)(*!pIRaA-_Z?JKoH_=Zd2!Ta7eu+!2+U{m2#-L z)J+$*G)VOB4sM8M1#xN+u;^9ciajrBVjC5@d<^8V{~S!dR&mA1#`gUr8qc8FN`#v8 zYXm=^>i#rl-P959EeZ}7*Gy5xdo?~D`}jR8#_^`{B05}J*afiXm-d@GH*=L5kJ-#{ zo4A+SVuV}Djfx~-dfEcRF`t{F5-OhU>`%twKHiX%`FeS=5&Ha?j@+KYWA?ak77=(9 z$&zO2sdh_R;Q)A;oNPMg)ey?I^@Bv38^<5bgh>t*NuSr^$)y8lCRcCRKMFiIJ2`gA z>fw8leiqH8#DtXus3WCf1SpU}3E^f_0*kYP-I$9MD_!t=onEHSS>?~c$&&i2m#}Hy z^5S7QFkyHekX+Qq|EO>M`c+Y0fk8_5#s7ffhEUvJ>Sd#4OO`}Xq`vnacohaIR>%Pw z-6%;?h<1R#Yhx_7P|*Z&lL<}aXXSRt%kvaSX_NfjHzGdEx*f9UHq(Xy_?$#}+9hAp z*_f-NvKduu^O^(nQ2?OyD@JDWG~uJ3o-CnCY~Zhv;DsPAK=n0ES7-|QZu7?eF5=K~ zG1)4~hy`aJy#8qZo345YL(74Uq|8}M@2(POuN%_ORVP`@0pl@o@M$eg{BfXao%2#*<2<8CXHOBBh|k{ z=JoBgJDjYB9Uquk=oS6^VB8}8eyOb&_4RoW1GeWD>lK(sl(gLq;&^ip26sX~>9TZW zaaY6j{=DBrtpEL6Dj6?`3N~X=)RW|$%@-7CNAM5GqYHU{lJcX8L!^WuT!4yo)W(UX6)FD?czF5zs>h*~bRQqhi_v7*SId}2Qe zAk`_ApwWh0S15fK4)Efvi7lh?9cMJn;hvZV1cg`UAoihO2TLFtVg4|(6V~A#Y)h~l z6K#YAh>t}fPe#v_tt`YLIRU`PHi;1^)KA;qs{lh7hWXxP9l9jnS`z@k&Z*Vw?ANU% z7g7u9T<~d)y`2R|w+1^?REOWQ!^U5;O5ZoY{(dlWDuv6GSxm0Khg707FtM9sL2zkk zstzruo013@vkPE=hQKok_lT?RK`csgy3vh8n44M4#hCwHOrKb1H9y=NIji)Udx|i^ z{yk<=9{`Obo@z!IfXa{O!-h5LcZ<;FIg)KF1Wzm-xDf>+0su@lKIEbir&F^N5!Bj{ zs-XqTfwLrPHBRFAadGc~KUNQd_d?NdI8UAp2>5|CJDyW1cPiD^I9=G5IHP_@AdM7& 
zq6FS(wb@JkX$6>5zkecaVC0CXlW5%kia=O_!8HvI!K7byx*s^!DD6*; zk^JJB&O16uyBVgPSM$MDnC4(`qyVB?>Ku_PLl-4+Rnn|QbavEj?5iKA@{EafVQrT@ z-HcL?g6Kmq>jzDmiT3A8pW_eGOgnln*tBbyt=ChZ?vDjpR>wmdp6t)Zjrf$R&10G_ zuvL>SC3!OL9&2L4&^*nz$&LL^?~AU_5c9uF65B7mJGHmIuHOI0W4`Nv!_bzER4#;4 z3%#XbwEG+&yHZ!%h-*nKl~1X&za0M$Rc{&ARui?2Cc)j^U5Y!!rMNp3cP(BVg1fs* zfdZvyaSO%Wic?&RyTi%zz3+FCSU3V(`NrKQ7#p$!6tphA!hsl%i&cNC0H+HF(8djCn zAjVN(6cZCu8e06sgZC=4Pn$mCCu8~nKjq0aRb=aJU8TIo=$3a)KyXlmQ)Q0-8S$O_kwORF(MGlD)@+Dt<%!g*Rf)Q`&vpeR z6K0jDmWya2?^~y1{~X00)Q%$70O?|=AP}%<=$0}Z5%{X`ryJx%V88j zT9ArAHdbY0iQT?2sNHMK8$H_sVXKoN8xg$sYnom#=|(xzv-d;G-}QeIh_aGwb^L)B zPcN!=5d)*)8F4`gB_viLe+OF~+3OCx5B7j6%tvJUHl7^~I-)zx*Na}t!(~7Z1*q}Y zFUvy^s$xOeen74|gBZK4K4T6Z*NlIXc!;%${Um};Fpyw4fr(I~OtbG&1 z#+zvWf5Oojj)kLn}bNcMQB%eRUXR+cc(!J#+oLT3a%*Am#4ZcHg*&PnwSs^Cv zO9sNp^i8V~uW%As{2B=O5z6;>?j_dR@&yb&K;o}|8q1oKycT^LKVhyPmm5_#h^y}DnJvSo@`FU^@I^gOS_Y!(kRIpLA%|XN=)(6vZ3+tbRE5H?b{cVJ_GI!8ooDn!wj5lS|=uN{q$+=+Eb|!&fRF`rZ|B z6z>MYych%O9f?09IR=a+o(edgKZnDHXsAaZN~F$O%4k>8ZhvT_V863{>{?})7EYk= z_39*uvDBu+jjpU*%BV;od!iIeu*U9^q9dfz8wIofc~;b6Rx6PwyRYn@lTC)CzuDdJ zD<~?eUyDpe6;+mh?NZ7&pjs9rGRU-NKAxUpM(b8Z{mN14R>GF0SS0151{jQ~R!7id z$~l;6sX|iHAX%#Qt<$qKO956Kn&2Tsp48Nk+c_L3`2x7CSf}9wepU#~ktR{bJhQ02 zGdF0XcB^S+)gFxdYR>rKHB%4)V}R7Fg-wFbsj!IB58oF_MjPNc!R$#wu;ed>?9mbk zh~`BAgiYOV-8@1t@}_qB5y=lQg*JULm@F*tGT~6LX$zb&uF3h8&@4ERcbKf(L79D>m zov`bA-&}9%T7F!bTiky(5rW${hpQ6c-Y6IO5KJ`3Fp|T23&G!7&^>oCWOmRSl~MieOj(Ly#604SflHdsH`LCgAY zi3+0w1d6=`JyABm7&d?szxV(=OV#m@%9+HN5xw^jg#9Lptxh8~2vM_N6p}d@k#Pkz z2GeU+e!JIw@%f~2@|Qk-aclZxvAN0x?A=)W9RrkUmJ$pXnEQT3u>8F2v?KpaUryh?esZnC?kH_(8ac zI8Opb12YcjO-JFChg$MNDOrk8w8TIY=Jm8Y(y-TdP)cYvLqwg&1opWrUMq*f#@o+& zf*5gydXr)yF#$B-2zZDo9GB4xq69=7KT;g#9EoCIBP{7;jqk7TkA6a#xQ0HTpQ6jx5uFUvin7;e_IBJ}wb3A_?#$O?~VR1cPzX!H#VrvG>iD1td^ z3B;*uby@IL6X2egLc;??31PZHOx`y%Nkd^9FEU)N1uS$MQ-Nvc5|pvlVc#kA>cnA^ zUC7zEykT=t4||V?0y>|0;)M3MOq!Lhf-YcO&HQiq*C^>s-WqPcy=N4@^dsc~^;dtL z(}6qwLt~220O6F?s#OH;OgS(Nhv3;GMCN`uS>-8!|FPp8XsQS+wdhc-UlXKo?OpSs 
zb*nvfZc*gyK5l;a1d+mz3e>brK$qY^peHO~TGcc#piRI?gVEAU1eYU@Dnr*3v_#7Lsqxg_oi+J4Y7doLQ^{ulSaO$plFjb@uf}TH(KI8(bDlYH= zdfFnlX)HggW~Uc$YP)n6aG;6?1L>Ku7!DZ8WacH&YUAVC(6)|EY&{42x5fFl`yTAb z0Z$mU;q(EHy`%#eN(E5XC`isAvMIkEsuzz`sJtn@56_aEn0%Gg86KYEds4qGnOm=i z*bH)z@(jUSj`|3Tk0bghpB;9amZ6%xT_*}a6CKBxmf!dgH!ge8`$VTl=zY4EsYnrw zr}1w_R;aj7UF^25&+?UfDymQ%l|2&o<};j&E}H3|gxf50(|-g2apc0-NH7{DScw2< zgWpkqk29d1OHe+Nlp2N}RY+W~b**C9t&1fDe_`**0Qq;_t=YI^EQOk!NcJOOf#l$u@p0AIe-&roPx)9TeeO|z3Zy7QOvi^g&8 zq2y-+Z-V!*ma&p8Cp2B&&dz0iPo>AL!4Y@*jWm>voaU^SZvi#hI0Uibc*TIrp5$hN z_5FkuK6k`Ss^f5q^J=k-zv{@&eydy^tJI&1VIwF^yt|KjcLjO90$KH}TXC1+#|R%! zDhe;S%9S;T^0*(rE$7q=ytyan>v;#b7x=8%AfGRix|8^C?=5}6u{e9i)Jla48VtzXZaC{HaEZA$Ex@!qxm>h_MeEA7mA`P-+25?n~ z?}<}=fnC~4O>uuZYR8}bhoh=hmig`UajvlRq&Tu4Wsq^Nx{w9ElkycDBCFL+dRi1P+gf>%?lCNLS6_cjW z#7XddQc)RiM6M5FF;GUaVJ!`Vx;(nCVj44WUde$g8W3w2iKTh>1Lliungy8hZzoNQ zw7_wBe*8i@(@|Jc1rWzSqk2gL=T59L@h8*bO#yHuD%&s$=F#VNEo?wPU(ZDd7lWZ@ z)zQnfXR`jCDj`1-q>7Nmh+!WeTuBowIVo~)TXBsJR$#jr!@u1B~Was!T{oft6h9`y;dfU~#EJ4SSkE8WkYb|^eqEInt3SD+{VIZu-1#Q`R7Ed>d!fC)F zP(G5P#?3wybsM;(;X)eekmGYZKkIYeh3uVmF6NQc)Ee!DxA1D|nB2>RQ=BSG zVj>|tCyi6DVodSBW($)?p66cEEJrNvbPMvW4mZ<`p?V3Y1V(yK@XPKWXJJ6LoAr+s#7XGju(FjglGZ{wnjHDcKS~Rj ze(QrEDXp8En?Nlu2`B*4Hb zjJP_$R2?Xe9c#l3+;>@<3JXykV1Wlh6rQ6!muMrex3$`$Z2)dfz)J&_$-)mv z+sS8VJdC9xJwr|7M(G?sF0)Shqi58iw64c%5G_{TBLIL@#{eUc+(koU;`4l(0yF3W zpk#)*@1q^2M0cM8U1y>dDQyn5E1d#V>`aB0b8}!y@|6Emdy#<@?RyZHaDZVIw?sMuJ3tx;s;l48T4#Kj!&wLImiN2*qPJI)OK%q3W^>Z#1 zn>Jj^IOebSlIc}c-4Q|I6bMQg5!{7-MPYdmQz!v9H3i+>PPvU;(iM|qY=2)3K&ZJmm}5N z$Ncc8BZ}7w9*A%qiDNVdpa>WzOGlUtC}!8#ZrPVoUu!pRaN%Qk>;Oez=_2y0ImmN-?`0H=deTiyu|V@v>$?U5|46mb-INR zb>q%y1^|Zyy=g9&-9r_;5m>a~z>+8sGl0cy@s|m~1H?eVvI{8MQF6Qq2^<4q2e{xx zzJ#E#rx}d<(LmsV{eQwy%3!%_fWwRc?$lscKERp^AnISFoe2X3o&a{=TepO*v)dB> z%Fm2T7v{Z27*NVJoNbX02x<TL>H>rKm_fP;vCBp!F- zl%Ex#e5rViSuIdbb7xFXB<&zt_$TLQb-soT{K%0+3Y9vwstAbGgW<$#zG~2e=$JHl zy zA=XhHzK`z{!l^nK&2Yc0W^zoZ*?!n({Ozw+4xYcKqAu@&Og^oAH>&@JuJ zzq8~&yR_NC5NsvOs)xz#CuLZDLoh$SwLm%|xR-i) 
zyShCtco?X~VyAcb6Gy!>Ji5NNQEXKALyoa=NiU<8VGc<_M(c*Q3D*;hx4|Bv-;%t|ZEeCD|#{H%A5Ak!DdoF*fzVCYW-Pi`QI7 ziltGGA8teX?L4GAGi~4a0YOzN;0kXJ9@K?tcz7lPtA`JNk)|`yamK6xl^${Ra0l6l zXYHoj6%7NNtB1aqpWqmPuwF%~nWMy}>0AZDUxz!ltZ0onqU%kQY)ckl@RQuju1-QX zv;kI3`e>vf4a^jvY|M&&CRSCMiN5QH9fTjgfYAwnO{aN%RuGJykg-(GmoLGB7JU0j z$f=?jgb=p6;QAzyfc+I@TmL z#M*|>7up2sRxC*xNL3mK3CUG?i6JAsKg?uJ?bEK-7YFivyvw>;ASOT{51ZxlTVZX@`u=C?$rsh;S)b zY%?NyWg6^ah*&xwpR}LL8TNyrve;Uk9#4|e(ts$+R??h?R!HghLZDO7n{xHJV51VXU1eCi^LX)9ucbS zY@>@sgicPUvz@MuGVr@Ox+hSwWN<|?AQ%Zd-H#vFlAb~@Q8EjxepwSKXhe~ALe4=m z@sJDmHJaYT6IP?RAK%t~KOD5CAVviy27dSk4z;@IWb%fv5k;-%5HE)nf$9MWsKV1B z5R|U>$HdZN_Kf*3S35FcXQfqe?sV3x>F`z14bAPAKE_}<#;6ZJ^`le&Mz5(l7oZ%z zjtthKkti;S1dyP9WWW(=48j7S2}A6SW#G8T0YC86Pj8T{-bwjK8_y{r$i2$cN+*bK z@c8UH;3XJ9^U>Qg9lR4aq+g~PZP^m2hZ$#Q)cM)aHn%A5lqhL%LoWoIeo`AJVVPZG z+#2>SE9$G;CdnSWxE(^2m0bb_RjHIQ zLU*iyZo0s~qt0c@THwLtYhAPVuwN+|xP};#If?O6%uxi8267oGrD&={10{6`$WG>h zu*?%)MaOr|x z-e(dE`&>E9|3ZVvw=b@669@AO_xGNAbE^G%ZgRlKqHfTd zoSNXCirGE3K{B-IKYPpbt^{goa9DwCnvr!)P@B---Vv4VVJx;`Qt=H{Z)hQ00ft1HV5WWg5{N*Wnwf zP3kA?2fpMNM;l;EM$`hc>>@@8V3g8ANB#jHHh+X+EfIQyUp+#?hXEFI=yO6jX;y}w z>A1bS)nwwx?CL{7h>t*NSBop^L!kDB#{(Q^D;&){XKNS`JG4SGW)u0Z>4<>J+bCTh z&p66L1;NgVEKd(%*6-U8Cx_4;bmcAP&G&iO_Y!j0Xi9M;kST46N)q@i=pBlws!x)K z36<($B`AThhNRUYvdqeaxgIP%Q|97I(>ubcsrN7f#zEi-6|j7S;#8iHu6~XvAQKek z$w0E8x@`9HavV|J38*IGkZ_cyL<6O=+{{IPW%}_Y&Kc9%bpW9G(=`2wL$pg2R&mP_ zEwL{p8Ev`A+c0wiaT8*4M*3jB*XP)PS4}lmhjCrSK*-&#hTOo>?S#EsjI_tdeRl|? 
zk^QPPwMqO#$z`I^G@}iPK3_BokC{^TFZx3)+Uz*?)hg=Tr%7Hi`e38h^Q@31Urt?6 zt;D$ID$k~d;!@CEIP@92LdJ9*3kCLB_%;YBpQw61T)>+~NR=%eoM!^Th@cO$9i%4Q zo=Ut}3xa?`obldH4p}jj19^%PQ9y3@4c+nL>aW&JiR#8mf1EjI-0c7L;{iVq%n8RZBTD=ShV0g!$xaSX%uE# zQpAy5f9GM}-F*0zh4R9M2sg&T<9F0gT}`CT4hINg(KIspzGJyT3Ntjp`;#S#_}Onf z!So00A;kc{F2nd7*Z#+tp4w`qfTC>(S6b*_B3N;4=icm_Z1!|S*WElDt&ZOI_!DH|7wsps(9v}_F4af;~|-QWuU&?N{WC-jOYMS8ym81atHG6(K8Je& zhA{bc#?}*HkmoKUt^ypVCbH~}z4NKTD);A+wM;^qw4esa9z*F_JKI^FSY|c6cnTkN zxQvuc$6B*$5Eflv2-_4Mh$mo+h{Zpr-OAL-!HglzGEwQ~puCDxCz)IzUo5T;rC zZgbGNr9tM#nhDy^Lyyv7zYYWtkZxKLc~)EO3jagK|HbFW!xu$<5;(E`;E$W7MAGr` ztHSxq#xUPksEJ#i_BY;iI6OfRLPBtDhHF*`AguWPZv4=-&{k@nII&!N)YU;G!C|%e z>w$su>b|Yab@3Rw2s?Gyxxb6xH4UTI|A&Cu>6?2=K1MW}(Pj$3-5;{R9py^^+xAO8b5pfzdD;|m} zS1}r>u|LdvE2R5_?mV+pdJGh$D_SiykdWtDI*srwK~`h4cL`7fO3#E%`8Z43w`Ly+ z4fuggu6z$bAWT*0@bnuZ!<~IbL|;wAmh!A=TTV7IfAV`+~yMOJ~h0O z3>icfpWs$67r_hTzC9oEsg|pg_c+FQDrz0c|aKb9@1_qBqKX`4arYyZso7TIn7Mww71uAkg9kETq=F#=7C2*;#VAwCo8leO z#W7-q&P2@9TCa6s{b&fC9pJlV%}3FD!K2R|I-M86=7+cG?46W$gztbFBlfco{3VPU zecO3+3X17IJ9(Wv+WoKQbKU8H+8$*KYG8FbDAKP5#Y2dYR1{nItJ3d>VM)8*OuyaV zL-ZkR3ypp6JCQVEJx_CSqdwyi>^AP-K7%a#4l~Q%te*_%6$c&0FmEQCJkJQSRF5ue z4y2k{0p$~?9qj*=k%=nA$LD$k z8|Kgs4YpgEkHA``V*~SYHe=JWv&)kobiTcqMUIOTde(AD@GM(|iNR;MgosY-G9zAh z3j5qWEwZSlFya#(|d{vhTM#t;tW zR=Ve6@ALy)rd*l1p5|us+te#xk&N`1C!tFKG3A*%m$>LdizBRN65O5Cyv4&)D=?;7bTKYx4sxWKD_j2jeWUJ(+lJvJ2N6fd)(~jEs2jyH%mG zS#!=%mK?~`!xoWQF2UdU=Uh}79%5pl*EG3%cCEYW?-{4 zn<2Uiy>LUyLA-29uv}0H_=Cv1qLi`#65K?SlNBLoRIdX#Cp?;UfKmXZA6^)Fv9` zsmx}g#Bj|~%m)vDUuSWAmdprYu4q<(F*(>mM*f%Gh9daBQW>hJsYPi{%iAsavksj#HFk5ijAnwOLCcbw>f$ zALD_D*IxG?fx5G;ZV+zekfI;?2w?BncVU(H-F>|4;u*3|ktWAOZ{=1rJ&`A>?`sM_ zG?ozw!HO#yN{bB$963EaNl|#9E~8lrC7}1L&WyU)BR`otaYhDdmzI}@0ZF)x{k(1(=K0_sv#g*8@>V1D$A6QBmI&&)7E*-I%1scZwkm|^ntUqu-W5kfGwKN8?_Gw{^ z6OujYj93UQq9*^FeH+ly9doG!#qo~}7@N73C*6|BYDJIVa`O8SfYVVEMinBh2J^8F zb<_{3fKe&~35ZJugCM0(b!p%>>3w-*g8J>q?Cgfb9a$WmYC+x#A;W%28Xu$K0@Qg` zQ2d@fn(Nm8z;vz$zYg&%^`Tm1qlr?LX}v8^s?CnH4x`fiZT4K3?WYXtoN`?GjtwDL 
z67QiMuo@{FdRM})4bU+*_}ZwoYfNcFhK$_i6)SwP(&UXF>UL+gk$lz-6&cHSmZ+SB z6)*XXibKx0D+MO>l#BD3QPAqHsljwviYsWo%y@~z8hhkfNA8KlL|2VSxMXd-J2~caaXW)qasq!%ED}a$oGW?f&wl! z5B`Ol^=>A{$!V;i`E@<0-{qt@9nzf%z;(N1=l1E;zS&Bt|nZVPrQkVclDlk%Kdfg@>cJAj;H)<{s197n&u`$vHDvyBEG3 zpC+M1JFeAz;ofDJ6O~=U-!(KHh$;0bs@^?z)YB{4AP5Sm^GmAIE27W!+ty1CW?o29 z?51Y#8ejTpZ+8lKKIcBYwC~APubh5)O`rXdD7C2iMqYh^g*6#7lRA5(EDD@SLp1Vf z_D>A2xqm$49L!)92v7~E?zi?_N(?q9LD{E{nukd-N5OJJS9dFltKd5O9DL}LU7@L@ z4UaWz0D<~5fkX+HLY`pMvg+MF{)1U5{);4F%{V)N-+uQmS0&{ zGns~w3b+(rHCruD;5^+CyqnTl!k55}h-mlzaat0z&@`f8I!-5^5#7y1iiqcy`&AVL zU}CE?WaE+opnp?I6M^8?hDV}orJVj2vhPvyKfn5fg!w5u`L@CCgw~X(GJwsGnbY`) zq&idi)Kla3efb$3!kpl6>K^MWiyI7^a!7_s7zeyx-(Ct-sZSM{A5kP_cy~V$m_OR1 zb4?*Q7*NUUza2>MJ0Bc0^*xunVaBXzS$#Xt?V@3o1Zn@7gv_7)&3C(7ZR5V45Ok-v zVS^v6^Vx9`}hy>3b?q^AJ}UJ<#Cq&bfi#cj#NYI&QsbvC}~rp!4< zQTZjZA+-IL>67{FxzalWx(uu^tF9Jd9AdsxwAT81}JsrDdmV7ERW~*jTV3BdE5;<5BGPXSiZIQ$WP4BxXqM0%d5O!PSe9$_0@Ro zbxpL4tIM$4l*zsvw4+ewuB^4^GYQ%y+>Es6}H~>qEQey>COuG;t(Ru-0;_FLKHcXXa z$~@!nmGRTl;fSU@@{R4Ulq!7)6G^>xjkK&xiWy&?Gim88<=!X*DWa5v97;>=qt^tU zrzoMqN^9GGmX3D=T<(87D{wxm4;9JBOr`yN7EQyr6F~;?K`<|oq-uc@ISgaXBJ9U^ z>#PL5jvUULJU(AX?n_NHy7PoCuN%4!r8F@#u;E7sMb1ZNe@;PQ;|$Q4>(iw@%}%FF z@PMC+I;f^s5l;W2ou`h>Wv+iR@m)ymx@PPCULIg{0XmFkALLg<&vZ_y%CX=QyrZCzeuNK)xQNPKTagoqtxQp@54ks6mao<Nh!Qy6M}`Z7GBZ z9WUExT$GQXyzikW{*_I zIIRmTp}C||g-ZFZ@rO2;@@yWdS%zRavvNE$yWZCdKh-Sv*Kdf7pcpW9(fUJ#Zaqz-zZ2*OXLh_EbZ zFbAlWHKB`y<1$GC$%JM7MyMh{{J3XxOWm1|%drx7+23k1!{dJaj#&w2Y^5ki6nJ zSB~@o9$^e|GLA%R-3^?}(OSUUwi8fU~Pcu9TEV)aX4i$x|%{)X3KwxUbffl-^z z)W@FY@V$pYSLwNc%7o-zjLefK_|SXagMO=T5_}e3rZ=uqp7 zKPD_)7;T1$?LU`?+k%>2t`R9I%c!-4vCKX;=Tc8f>pET*Ns5p{J);`~Tk4<=ZkL`Vs{!f3JAp zcVm+Ssb_molnL+pF6e@Fj#esaYKhXo=<=O|II9@}C|hBci6;>ejGSNdNZD4INxt@= zHE1C_S=V1~-ru!vjFy@$5}A7-694e*Fiwxj37ED$4U<2VtS)0t7uYams$8f0eAgA( zX<@b6t81yYf+*jc^FzCXJY+6fItz6YZVNf5$-^qjuho%cL6(Z~` zdick_U2zN7VnUj8dMJr*$%&;Wms!%0XppTv!SOl5>5QiLIq%Z*2ek93XQ@xSugX0@ zqThk4OBmw_8o01C`i2(>m$+(U!@lXrv%IL}gakYJJyvpGS@^uz*fvm|6UWqQvvjLE 
zTaI)G9oZ){>He5HE!`8^Q}CZDr-Wq{%L$nv#~Sk;c?Q*=Y4U4f|IfboZ+k!&C}Z-! z*?WkDL-oT845xTG-*EP&7vFgJ0iQsbO9+CWq}3MRnR|5{B$zK>*`@Ap(gF+`T({6PE z_e>aJb-X!Q%v0jNNG${Ue!%2@r+<$}2gUJmBKN`%j(>lWY{{wmr3!Sm!anYoCd&RT zC6N7$p?m%!?RG(O)5;OE-@lUynSM_aBz7z=2;vm zB9!yk{dRnc?~Hm*!-v8!POzN|YTUs!F#f(s7C(h(-(ST!(l6ETp)E71mwZnbR)wnA@?wU~?SfVVsq! zy$C_3f;D0e99r4+>iul`OoTjg;k>?m({e|5F$~#ns&weIslD#3G(BIn&~zm>u`ncA zQ|{>cvS&tmACNmp{`b;nV$?KId7$y0_LZbsLaIbP9~ z=ewncK+O%JMflik<&CwOK`)BGk4wjQZNwBl8^-R1s}AvrXD{Ag#_XBNYnP{Iz4^MI zmr`t6T-T1EU+%S~4-Gn<4Y$UJ3Q_pgw%H86eP2pM*jolUg{=E%QP2Oo|M!O;9bRgh ztInEu8$5Q#yi?=eT+gIiMQsMK;8GPi+4BF`=rnP5Oo%)Cl#D*Fs5MDlZYG{UvKm;y^ znp#`+RIn9_&~rbmW-bnzXNxsfpuj4PxceYsN7R`uP;s_^rEq_ipRKm-{H*iT$9-u3%Ed%X-@q^N z5_%<@`@L)9q2syzxwGlg(ckZv&wt?)Uhz9~ICH-b@LOM-$**a<9<(ExGIn57X78+# zt}%acze!u4OW2n&i{^Z}wHCHA08sVIFo1Me@9n3mf z`}a2(4gZ@gr5pic5T#IHmVx840hkr*h0Aei+P9(a;g124IT(Fk%KZ&pajM$=A&TG4en7mVU zd_Cop9!+6bXHbV43Z&8wL(Y+q(inP&Ew7d37J3^KsBc;ZsBL8V0Lsv?&T(s1h!Skl((osCwPDOM42 zf8Tq0GDoYJmz#g8(W{W!4CC<{`S|qhmgyR2_I--9y4sEA3VhL%+p=xYsWG4-Iy&Mq z6%W$y3H%oQS+5nwiXurPO+;8sH364E(Z?q|&+AMWvw?QF>yPcPD_7^ixXNkE{J;*Z z3z4knNUP^{^K1_Dl$n*SVxIr^#nXP7xbQ#8t1khFBOfJvuX(kb#bNPF5;A7$-;VoX zjBc+?D!o;&lcbH8yF{q8xt4yHZ+_>)_76&FxU2ruDRFLG2BR4^7 z@n8ZO>-l7mNd}8Po8aru?N+rvmxhCDdzLv-=@@s;C<2YVWfcM#`@Nxp7`MsR+yY z+yQl*!K8cp)PmW3&Bxac2k`W^^;fMK!g? 
z{sYgcJOux-CrZxKXc&_>m!H>!b6O@nLwAJa1N!h#P0zT%0vNy-Lk>-a{;R&81VB~E z|90@iDNLYOA2ERFgLVrtHW>LfDGPdmiLk}W)KsGrB+M8uw}mOOw~DA`WmaxPa`Un5 zUG(pP+Z$I?k>u%>n)LE)lbdy)R6Ysl*Nn#Z(Jk?zyi{ z+}VFyp2JBM$+fqp!^)F2*$5EEs~Q!l)UiCbAE+gY5xP#{9O7Hrz%v?X_&FD^`#nL-tIhboQO_Gw3JV>$ z9{Rd^GC~nBM$4h5aQ-=uGXp+8c9n*K%bx~MSOuBnjRW@VcH|Qs@~jI4jgXsbA~HTq z2t*4Yl>2xPyJD_`&Yuf6avHi_pLOGQ5I+_aJyLXCvl`!I=qGxP*@)WxQl*tMdHt7( zx-35*1npctlTjRUG~?M;w2yn6dE5$3jh(Y)fxar-plM^|=hO z`n-GEG_+ez!WN-3GsF0mC;B+8}2e zj9G0>ViSonYLh>#PekNR|EZ-x*kzf@r$AEXs8Z&l1;U2O4mP@0=5I&#meZ-%8x9P% zKy&94!9}f^@Q*u5YWmccbAPtF`+nzj+L6mC6TvK+wZR~zbodus8!$d8B`Bc>H(ahA zt@T}I2{RIdZa~qAwiM0+i|fy%Z2(+HYw z`mbg(cxm$Zuk52kbWu~$6tL$`NKYFpX%e#BN(taPile%^c7BUQB}!xBrKO@oA;XhX zdvL`eOA$Ee&`jtM_WP3fMUdFUJ;?bjPtZFKiH3~Ng~lj_H-*X_VG3%L=$Gfe5C6td zLubZU(`7T(DC^htEs-|=2DY_*vkrBNgc42&eVB&5HZ`ud&F%Vjt{>&GlIYk`@Z(b( zkJ$edrNMKd&}PkCXk$hRblzR~K-pC($(_i9wk8tf-TC{4VTRglhQ{xx{413&W}!l9 z(#h5Rze(07jr=V4M(5oo=5@1r-|8*s8cchsp}NFlXxUW2%^~~1YMD{vZ{wYV7*g(+ zK2znqvV)%t>`M>HJ6j*JsAyyHSvmLp7D#JLN`AL;_Uxvh&{2tY7nrKg^^1IG>)bSy zs>l)x?LcjD6m~u%Vs!ruqR3vUh^hLhU+0la3z6m&6w#a%d?zK!5W$?n=gH}6-rvB_ z=86B`y)Y#y-gS3deP1@q46OzErN9mat#48L9#dUc!7L`4l!fn0pSZ05aQr`1U1MNf zThnfA+qP|6O`5c6)Y!Id+qN1zjcqly)igS>zmt1=?|r{t`EhdgK5MPPGtbPd;c=N{ zPjgr>+?6;l1hWqrYPcVf=JwP^P9>AtcXMqp*dWKlNJ^?Ry;M#>GTOP(XhCZ}oI{*R z1D!bC5wSEa9uhu{bqW_T!HAUd?zK?0&VUkFeGtw*vh+V(>%VJU+>GBT7}`3@SJifZ za7u_yZykt88A+a4t)cv$W9KiTfK#1-Ua4L`XyR0BFb&Q#e3W94sXYN10%6Urs zz0rYnwyKlF9ZT(gU(gg0_?^S=WNxSC_E`5*S$o~D&^7lfjQIFW(_x$mge2icNQJ2H z@2V@jDFL*kOm26Czi)Q>r24|3xe1#!xTbkoQa0>@z{GQ;d~Ovw6yix2l9IvA*`B?b z*hw#0eI7t)7&RytwcU&NdIDpt>)bZuOI7xzL<5h4&vN2zIYuKd&9sLA^4&ej9i9W` z5920+Bw`Nsd+9NrT7=&B-mOo3Lh%!LDShO&z}rsSgp!*#fio#?uQuOD$rUJAqg;k)p1Ij&U!rEY#D2j&0*Hd zByqL|6_3Jg45YBN$WA*3<42Sv|HML^%i*N=aHT@GSLaY7hpJUq?`eMXAMj?75SIGP zAW@DtL>5*KlQ=fH^97r`TP#IR6_H?V^IP*rZh)j@ncu&+zy<-bUfZnUrm2WxHu}wl>%(h4{mPl~P8dS2(up;3TZ?D=8|{RRh`3 z=zi;0J<^m^TAlknh(V*~OVg0?H86KgNfoJNJkVN(%2J40X<-5gNCuD|<6v;Dg8m!j 
zg=Mf2n34I?Pkj_ZOjr+YMtj5CqRmG+uX9w9V|Hg(j>knK440o6c84(`2kShvnOSh z2t^K@1v(??AgQ1ZyFiM8LBNSiWiD0rl5a+$aO*m$aWTNO=HF4Fd?5f~HiXNtS{Sw) z6=nz=ZHJ+T)#NdyoyP74+F)Herl2e725LK|{aJ%*SMmdqu0*7MUKnhU0N^M>j>4v2 zI*plgDwUfytS(75=1S}g}?bTcFa^mBdSKw*Kec@T#pyF>) z(tjAAXZ;>_gvYO6a&RDVpU7@z_i^FR$noHxyHAfg7pxmMp4BCGYOwzfE=rU@!;>Or z>>^KRwaHzVeeY%a@k3pQ<)RKbgEu*3$8`rh9d(>%=!3 zt>~A@drl?eI~Q%6Up(!^AVcL%a_S0kj(acLhL4ONAOpBE~=F(ptb0OxQg z%bBUCkx&{L?T4cEwszxN$FTSm$Pi6z`P+JZOc3mR0{~#fwpuvLYi#+Tm!Q?Jw^38C zCt`siFm@Emorn8wrOSSO^BOsO^KLyV5-Ka?nS_L>7%G?b8ur6(&MRpMB4NBqw)fg_ zD|lfAI^L7Arc^8B^*It1j)nZ{7bPX?{T4|yaa8(Imp$p)xTup{+E0Ws$OLAw!zhh% zjGf)4g}@t`DRg5ELJLs(Z-#UOqnu+z$t3DV8uh|p?CcvFWM6N`VP%LC$*znQ*jXEI zJ6gkMRQ~u5!AKwo(7pih{DuuQr(m=5&t&@*fqEjxOetGJ7=7a(VzYxXzJ&*-V2+82 z&QI+$-D~;*6yG!Cgq+8^be!Np0{=`ZY_3l*u%bUXTctFrxEzFK>+3Zz`& zV?eCu{#Z^(>*`xiKLZ~4Ua9Bq$(xzr~gOkg#CKs*EA=Eg4}i4!AHvA zG?R~907RU43gAp<9W~0Zi3u(*c=6Lzca_+rKX>lHvBq=4d6FY9D6-pa)_mz>O zuX%+fkzm`loFoEH?kxeg17kCF9Lla+hxTW~d`7~ugz}7<)s@^|)GJ$Uvd4(1G?5q+ z5ukJuBL+7>Nau;b%q*Q(;^RClU{Cby%HlNCE<#Dt9HhK)e{vzylsFYqlBqVG(+m=d zSs4Bd1+m|6-4&7M2b>i@6{$iFA7xJI*KGcPGI>tL&iO5%M6apJkfd3aLqTGihKuH( zus?byTQ6u`B{zXepm^Z~nHP3RW|MyZi8+1FPKZ2x`cr}g>i|+1&)gpucSDS3w2Ia%XISF- zT28}id{1nE2wA1SfVADSN)GMgOwJ4TSTq_TC179JA`f|^7?h?pHiBMT+=?GVj*;AQ z!8ek0#fU%4cbJZrf{P!Is%?Nv$dH!bG@4EW0GcVVu!saHu}*T$kAy=WKX#oUHw<*W z9h^0EFe}M0uCoU65@F6ilYOEy$2k`PCyKLHw@yLXHiZ;LwZcN55S zrLI^(Q&Eq?tr8k%U^EZ7ANx)YN%+|LwCon240>+O;eJZGuFH!rv)ppA=y0<}M^T$FJ)k2edE?v?h)kTpR)A^O|814%s$Xvc1)T#O>K zx!Gu6w$jkJr}MYA<(7oPP_QD`7IN>W(+B&$sGRtYrLLd@4#e%S@X#4Zs7jbr3Gci0 zyP&5rTj2?AXJJF4;LX#JJD%KPw`nHtOU+%{Wtm0fp+O_}K^-V09WBKkN8BHfAc(T9 zwZH18I;nj;E=a_f@2yd5sNToJ?g8kkxlW8M32fy?K=@D41R7s%UET~f3Z4j7TW-?@ z?3v|Epzrj&;O|KE2^#L!q>4?}6f&BJdjce~G!#pN^wnW5YwMiHydNGmv4-bZ)B!;e`t-D>F zj1Nn1K>@~6S6lp0Sfviky#{udpO#f?)>99rC0G{?TfjO}FL}9!4GAYd@K8^67pPv& z6ddqD<$TnjB9uY9DjBMEJN#y}puObRz-J>M^bI;z*wtt%yQ9u-7qcL4MvXKQ!(F=Sq0?&1qp&#iCeT7x@P12dm%h8x0xzcD*QxKDqHD~J^)eu-?(M^Z z6miYjQbUE}T93V 
zf(4ZY282I*7A`DB3aoY^oB3VrW+y!8goK}~+;`0@J?F%=Mt?rxGw*t^L(kt~4-6?L z`9Ywn+g#2$o`!8>u_F9n7BSjy7We?OIWNt?i~$b$usZl;3xsW&e6^-e`?+_)`VL1h z{%?`py9X9uJIpMHfGMJlD+jmB{l&<^@Bq9Y>d_H5BeP4c3028FOV(qS?KDbn4S0Us zrbYK8Vfl1c@ui2^Zdz5XkFa8-uy8KJ`j*3^?mc(o2w#QN?(;}`S-j7{5=r5(7?X+K z_Pzoq>xR3Zeu9@~<1%}B+9ZktPG>?=R#GzksiIrV0*-&^s8)lI%UtZUvpMB&nv(lE zFk&Ce5Z`{N;|g=u0tc^tGVI>lUTU}EQu^8ZX&MT0={yTSxCvm}2H$e#T| zmd+S*vVZhoMI$}!cBn%$C3MHs3Z!x-2t@>A^WLeB4xbhzus4l@u$4})5>J4N4(oY( zvEP)yTU|S!kKcF(mnLJ&k-1nbS{}%^X77SXsdZ`4yc}Mmc=-%F#Nip**eC2=dcX84 zY~&Xofd}?Aw@pUi$Rb4cyn**n)bJKFe~8<>{pajY-b_oCW{KV|LxnQ_i*fVTgZ3E! zQOd`CeLR)7N*bNnP^alHu{8QV%MWaZFMhG@fHRE>f@?9xAz-I&(oeejZSgpi`HFYlF`^C zFvOCMN%(_X^N{frh|;=RMv$>{jPTurjF}9Fl383@ZzvC=l{r!?;BL<|P!rkAYghYJ zLJy7n*Hc}?Mk(5ckp5i{=Q*QbNY7%OPKT$)xe9E(PA8nBQ{Jz5>VR!NiF zj^Ls{TP@caAD&Ji?ECf|D16kCNsb7t!rgEQ6(jysp&g05D~t%!cY%ESEOeJb&z(!3 zVZqetZ+7ztb}l5~GT8QvCuJ1syo*t#(2>J zu#;(oMIDRVClU}m?wYPlyFtU$`$~4>A|wGoONCnN=p2H1>VnM@HIR;!?CW<@l_hZ`dnT{wZPFFwzeU3uP)wu0ge5YDkUp{m_`QC zj3kVA-OuQ!ofLe75|U^fGW>}(!AnpZHtrXMZMcAnG80XVB$nNETR0#@MiF6)Hn-vOOtMDx%=SAr~Tl$_- z{^sH>*6Db%xL-y^)YDD24xhJEgBfI(mF7+FT0Im@c()aWR2Z5Ljks58HY)rB3@Uu@ zX|qj*QZb!)ewq>@uOrvs!x@g40wxST*ZT8Oa)pk4`deva6)8^VH*1PF9arg4Z2Mh_?7rC7!` ztI{X44H=H!KflH&#?yzX!HG}#I|6!K^rd6nAflw9&*$H2Yzg(qJs2L>0}5a$1CDsA zC3XR(qgxb`BaV`wf9!?4$iVGX< zYmQRsS6tO@2@r;_%Xas!unzMHIevfNH_Y|JH1y^D5$73UtyaUb-GSf#eB6rPAeb1ic8fWXT5xqm^@$Ef}h*L zT#gI|BjYc3hh&Z4yz9*8HPWEigis5F-X5xzVXgWPty^($5tsnwNit|dcv16QdH|=} zWfL5Pd8w+GK>pXI03bC6PWf%Ms17#3Y<;FP;v{m&G-*e-Q>u9np6hkU3GmCpW|XLQ z@HD0CJ`Ns-RqgdPMrsdg6PUX6dV2}No>L_;?vKs#dA(wJI9qoap3dVj&ica7sgVU9 zpB3eJedIEql;YQ7GK{7uNOnH%qjUDqvtFFd5`#h(jE8lISA%(8{+*F4n$r5|kpQ4R zSLAjz$$8RHdQ95$E3(_p%Vk<$&09p#4;UtmAbg#S>wpU1w%pC-zn}DmS^P4VOCARz zqaAi51tVqh;pYUPP$l!{uNr(2C%UT3ks1-4cs~8eOqU+y*eA7uAXrGe+wNb+JKwqg z0Id#W5DMjviy}^Maz5r=%J1y!F@-nB4c zkIdwpKV{9xd)?M^jotZNptb%EKM^UfGhF_e#Jug%y+;(7?04V?_K8Zz`*;&Drt>mc zQMS@(5i_3VfH@9Uf{iv)?R6t(KT@EE~euJ+?X-om|#VWZTiq)jm%jc(cO 
z&Yxy&qEa~0@4tE7>>FoIY;-(DwOR0HZc&F8bL%|sFbvAAeyAwhCf0@$E9t63c323D z(c1leECKVo@%fowy=}$L?jzP?*Xz7u)IlgBX|Tvu|Bam1Zeog%JZF`TIpm$^RDom^ z^GV_Tt9p*N&v~`sSTbm=ukVbtQBNy0RJY6ejlynn7w+X`8kdwBm-Fu>h^rabf``I1 zB8I`&-QXD91TpjGR4JWODnusYJXqj-L)4+UMDb_G{KCALOGs3yC%yH&eWFE$o1h=Q zQuBXyaeCt2v`=VDd-Su6!EiS)2OuB@X3@>j@9E8cOV_bG*!;KxcvMS0veSL9n_yR% z`(T>|y~tZs#1qlP1I<|o1tS$h=+|OP339iHKgaS7HWPF_og?5=q#FX%p*Ltz1vhYjTOH~!|~0L zByl+639PR{7V+)!vigDChx+IC11%(JL21-3+X*z7N#I4h?B{XkmiHH0Y{MlZ*<1-W zJpuP_r4~+u4GA}ahgv7>27@@1iVI>3XsBijFud$~4;55%$%uXnqjPeJCKK@LjNfkA zvfHwkT+Y2W6aBY8-(iy|cS#P*%o4oCQ>)bpUo{4AdH)Lj-tiQvR>Qlq)JF6<=i}eC z^SK#hz+ft)D>pgZB)A$|Z8{-oF=8=%;MXKG7#M?=3uFOd>g{C`U!NQz@rn7i9YWZP z_V}X#vu41A)I*jT*mi6f5#me&5#|n=Q7+;GsZbZw;GO}$NgOr{fq%!)y`L{x07C*; zH!C2k3(&fj-ED%rhNuD7*yE9+1R56u@`oPU@5nZfeCc+0x!vra?$l zFagb++bj~f$svxSE1*{@A#nMmzb%S~JGwh8!LColt7L!~&CR$L7NeXXcn!Gu^skR| zes9?z*m6oK#D5;R-`O*rmvpmPefd=T$m>BYa4}r_i-DEd$kD~^%QreG?4nIPI*djS zBfaeaNe{EIFN?4XjYTTo-79`50iM2@{*n)n{BE)T^XEU02eL07?+5GAm7^jn#YSbG z19-|YgB+Y=HZ>I{-gIb!AIrp@?~B#CRqz5kfjNBPV-E2lOy?Jj4^K^RM= z;lW9`z{?lId<}jy7C0Vr63+Sdx6}xum@)thBs3z_xFQu3I`31-afI%lgD-RT;iE8A z@QGGDZqPG!G^04{?u&naYaLGgH-F=gzqV|Aa_I&`wFjaogM**O|q)ZU$eF&|+aM703QRaZRNf;M>6PSSN)sd|xeO>xD@d|Ia2UfxFXyZfHMhJ*xdfPW;=FlMC&L`(6~qZpvZs4)cau!}!8+jOafO7;B1|!}T}>xbk&kt*a2*z;Q|I|n{puEH%wuVAu+mt3#!cce7eNLT&&BBsID)XTutYg?4LIN?$?&fh*_ zsQStj_%I|y^I8osxUgfthojI$eu#aQE1U1&B~ltTuK7`bPw)QZyWBf)l! 
z?1>Ckd&{hbVPBhI<$$@~|A^55^fff;z;@~7$+VTDNn+_L^z6Ww(q^p91s>y!k0&xV z)g3Z^<*>PggV&g5@-H6i{$iV@iR zV}m=}D=|yx7)LQz8CdS}F7^#*e%5k@mOkiMyGcD}wKp#bfHLP!JB1BKa5bhz#3ndV zg$n3vSn$#)SOYUHQA6E4Cwm8vbbE};y)1dztsTM2?BIom24lf zKmzxJg{of6c(<2z*OjRW;yO-S^|HgDk?o%(!fT;{trNDO3`KG!OxYG$aBHw z;|#tZyPSe1=?Atoix~-7ZY)broae<=To_a2);lp1A*7uebIF^THRZs^b@BZtpQu8IvYK;hhz@4=;i-bopgTHvoU zn!ZC;iu%0iaroGOD!x@TAYnfe`HFfHlYZU6CZtgHpKJs7efkP{I!<@W!-Uoji&z&c z@tjACEQX$s(j#ULm*)2kBeG1yUlQ?N{`rFdv`L4awk*kO2`aHi`^34oTsT~q?_Cc+ ze&BG^5$Uc)TWP9R&R)}Ic#0^W2yiH&`IpZ1CAH-Th2u&djc1@3(wVaf7iM}7|Cl`T z9=Qo(eAQX~f{;1N%`BpXvKA3QeK$JZFvp4emErL|h7UEc7)he_(UH&4Rzpe#rL$PImWy&sGCSZ&-MV{3P(?$bHQ?a~8>@ zXvOL?cv7v&V{`>;KF7}Vd$fY9fevLmk!{8uMS5qQUw7*9+t_|UKCevJjlZ-6IZ9UFpx3;zG7h`A z+!JIa-M=a|{7N>@>f_Q#Zm`2bu|Q^XS{5e|QV!4Fr1&Kh=yl##y8)oQ;o*e5*2KQDF#-EcX^FBPhF<~@?flxiKUx=z@+~mZ zXfGO{E_CgZdcGfs)xDftLeKGR=};~=7mIewLF-T?D@OXKVDb(bTFQiw>vwtVjTBgX z;Oo!ZBrTQpW`63E8Y^fpm}Fp=ck??`Yi^hEibj<1CGdr!gqEW72V9RD)aBAs%S8m( zm-5or3dRMfaktg-lXtBvk$52S@in`Yen|gQCks?3G2|Lb4?O2&IR$2VZ8fWeBD#*D_$I>zk#tWqJ$cG6=8M1rjCP<@jL=*Aq zyFZJ{dC76iYU7j9XKD5=ivKxKVHe5nG*@&QMxvbJ1pp=}xr4_uy|ig@XIPdb6bA8LgY@2BGD7EO5W&dCYo@)qY!(FYKa5NMoH7}5&CBLq zJNmNMB6f+8c-O;hi3?n^L)hdi-;m8e}1vBj+CyjJ3aB%5RBur_{3*#XM3+4v-9ImC`SzMr21d- z{h#6jD`rW-O*=%+y>6w?J+<(@jB%(y-)dupl?>2=X88jP9eE*CCqDm&{?Pq81AJ?z zLw{wjdC>g?V+^?Yz375GLv;!VEDA4YYB%zd{6~@h>QVly7gGtSt4`FJ|B1%GNbMQ| z_|Z*JbH&vEfY(3AOArp!N5mi%HXtPYyXO9%KYpFQz>hjFl5cSSL;rtXmn-&ega2(h z__x60-M(YJ9}w0?onXN~$NTRO0ro1$7V@HhocJH4`{#8)WFTAk*sHlGg{F<^2V2`z1k-kCDp_F7&@4?%@}CUH zpZ8ARywm58F1e_V2H>DQHJ=xQC_o!O>$mIBmWz?r5|)+1z?^^C#>P5HxL5mf=DfRD zn*Rr_JFF@|xEs09 zJsG?=(7{{Zz*Ewbsml~-*Kppg`ZC=7&@ndn(nbO{f_y~MaUbg5_I_hLLC4^61F!_W zJTGokE-H>B?UF#H^x(bf`LCy5D}iHL)5lR{$dQ9!;{Fzj`5Z(M+6m~ya+ZnQq)V#V zO6A~GIQTexl&4s#PX|f`1nR%U<*&m@ZSg@Js0zn+>ExIjgU62WvGqL(msN1$W8@X$ z6U7fr3KOglIUm3NEvvcb#JZI%j}%Y)U8;#AK_l8ACh>lk+S_$IKGjSm67B8ZP?G0W zo^W(c4@z*$J5{9IuM&RsMsGYj-z=|$0DBrly;buwfion^e=S|`Epo4`!X2=4Qq5e@ zIm7YA*|J6d~+`}43 
zES_imLUTd}-ILcMA8Y)Sq9~i-|Es1yH-I>;9A11cavXbvpdw2Ys;6@KpS=F?*R&g9^iabD;aNjTwgJx9*uRG3hR-*eTOI}W7t&!zye`yIRHbibj0%S(YGV-=*+uKQ^a#n6&|1lq);5v*H8g3$vm*xuI(_P^mDlI$-C!dUp@A|=14<vRmEypa(t*q#d7**uMQ{=xcsf81jZFK6K|&XO@~Rg+Qla~Mt(l?1*mxJcv#s(t z*`z&3^t*E?WyY0>)@b&m+U`Y%WVv{N+h>V@pQ=w+_uy=_RdV3I`vHN+qOJR`N`1zg#S)_>jT+h#wYb3-LD(fW7=9GW77|6@t#tE8+mRpFSg2u^yyq1G5 zFGDQhrWC6d7j4`j642zAS;`OG#pfXT9n@I$K@ID>#y0@UjK)k#X&--nK_v zE~C(RVxFJ-^Hks;TYGR}+ZrgQ;lxm)!!4EQ{LtO_Xv7-aL<8!RCeRS+EXwt-QbNH8 ziw^H{;jsBFg8YvB8cXpljTEL&xX_KS1ZAqF)|ooy0p}4ky9T^+rb1Rtug+eUriuG4mR5q6hDS{S{#vEXbb;>sxw3-p?esLWCSKYsc9Q&gHtu>ThL=NrIK74@Ahk?m%8=aT3~n{D_?yh}L$ zY!#$i<6&A`Z%|)Cbui@^C znL7}zp_o=N9K~`b$JY}a1)L^BT`dM5#%9&D?>Y|bFZ%P>aUs-!mv?KfGN6ltVwA^A-#kquIr2M485xzUjEu=hZYo{& z$5?j4cf9jER`0ZFM&4}TIvB_`eV**)$Hykurveo?y@kro`W_f*#lkAYd`XWCG>zOXv&q*hHQ8B%OzGCEZ8e9lwhsGD$(D`$w)!&m>%ks4CtT z?M%J-VL(cKg$Bo0Pfx&@LIG)#Y;m`INScCDkCGa}4NE*v8uo**^-4JEcf!ak0ZI(8 z_+_a{cWHiS>gki%li@(G%~RrOvK3tZY4Yyj=(=@Jfn_P;=?P*O{_}@ZRa$!+gEkEM zo@62u{eT6&f>U^KLp%%wlm^Y47w}bzlDw!53GrJTzv2~!gWa_hbFGO)+o za_=+kwtx*!>%k_4%E6q=W#LBe5B?+NB5gJhU+uyKZsq6HkxUu>Fkz*nBdS`N$z0_Uo5PiA}^k6g=7 zM2tXC64Myf>kL~K6`|$OuN{Ss&JF=$0IY5gB-wKT+7QDhvWHic=K)3)M_mk0g`)k& zZv4WSj4?DH5@>FY+`*SH!RZDPcx3d8eZ+hBzf7JlG~}UAnYBe*7}Ubit*WeIrg9=$ zl|xy5Sfvdqtzqz04Y^#}2+nHi=7T(4NJodU@qxAKiB)ZaFpWx8)GEH8dPZU=o9>_U zEzO0eqoOGGFBW7sZ??s9%bgGv(lwM2pS9MDA&r@`Sz%wbc9Z&;qV$LiQ~4YuO-ePW zJuyR78w%|fe|6Ob(S>zAIEz;+8)jF*ij{z(Cy%N7$TJHTfc5B^nv zByZp@H^G-2L0}?GKQ5)^ky1owcj67Vfix9H;DXhd)g;WM8{cuSOAIQ|qtC9|zFGXX ziJ;yK=QdOaD`G$h3F^i()uqByrz;d< zN(~ndpxOT-t@rx!}^$YHC6r$DiA~VrxVm=Kfw?9qZxM) z2{x`=>{`bL%yuq~fp9(nf~S!3;p^nt4LHnX{QjYt-z+IQE8PX7fCMSQdk~oAvd)*2 zs6mt7>y~$n?JCIopi%+HTJP)Y-fla!+fRV$mU6DFlcoLNy+JwcDK z8DWKN+;SmNPFFBg>4Rm^{xZKt6t#P=sm7FVE4C7R|6KwKl%wPC6E)*?l*>qNsb>?d zutNlCWCo8~yNz|E-%4@Wa{Kyy7D|{2!{c-xnYRc~He29)9~x1$K=NHE&nRvaboG5=tCXp1 z3id4mD$>Q@Js}E+d_^t;bNYpRgJy|V-<~;K>4Yp1!)v`zKvUsI(Gm4~L2=KAS#mAs z+Q0>Ypr$S3*f4Y$TLqIZD4`>|4Q|nxZ4*cmZnI31Z2==`$qkyt#0>+T++jS2&in@S 
z4GLm2$q@ZQXZZ5;>%=`qG2u3&^E(sRlsyev^00nd^LCIC^)8k}t3MY=5gwTo0gkaF zm%}H9FLLN#M`eFvQ=`1C@%69T)Ko~x__(a`+aQjpU_tQ`y&x}@q^sH>wrZ5sFRo6qzvl32^*P~J!I&8 z>XHO<9CHU<4Spu0#?&nI)zXSY9$V~{CXiIUb*4N5x;%-DU=amGLoZk`h-%l6iEan_ zlTI3o`%5n2-DGoGr%;9ogN3nSjs+v8Wy>AsyeGvLYF z?dktmxKk6zIROR31D0Ukr)PfePZGb;u8zv1Or2*%w8KjoA}q`Aolg5xo>9ZvqMt)% zsbni~0U_1bzQ(HRt*&kd8VUndE+H@!{HvhN-nDT6yVW;e=ey8*K(1RkotVxoZ0II2 z@)tDfQIP*waiXI+NhDVL=N5i03{-%wRlUMftwspz)s%*H7OC)+pTtluqz_beSG5 z(i)~l2Y@~AF|%RA=pH0}q&FSfsHkYc65&NZ48vpCe)-;?kWRBvh(5k2NE4UOu#@2! zh7%ab*#%qQXUBZg{pe2+(XB9T)Z)iIpe=uUm!4D01WWmm>hpS+? zGL9LrJc2{rXjFUNW$Gv1FAe1Eq>f)BDh_EyWz-6`r=})S&M3HTXI1zP?T84fwrRKm zDt`oiE4Avc(x{mTF7!L~Rjus@$mv&7@AJMHO#X-_$Dn&EZTjt(QX_Xi*F5;;htu?#<9M1MqmxmZ1k-E_a5npS#I+oQI;Sbo4^oyRqs(R`}gK0dB- ztsm6Cyw$qSv$g&d0x@WeR5Vyu*GCrTmmEcuuAkTml@N6rOHd!@c&^!qQr~`_e>KEQ zO^(#r1#<^mYl<^t;te_Eb;P~Rp3kA5-ohM_CnL|$p)=7hf5|h9pXJP4F7aIl-iR%F zbaYuKUcJhubeSRViw6Zb8(P^i#6!F;VXI^zJX^6erbeBz=ms}DxO2o?ybm|qj7U4z zn-W`14bRCZpeg-<3i7Pc0Vcv2ogYO&u>pdWwrLW0&@zXcHI1pH$}TyV8aS<8!%(^r z;A}xOIfFWXmNHzc)-X?$8zs>egsc_n3y=-?F&7jb?h{B7X~^gx^IKjdZv?v zAHqicWcD!0ENp2)tvOcI04$CS+g8k}M`xgncF69&&8+8An!czDqZ7tSDSTqAj2h`r-3K=VO^a_sar0@AP>0DQKqyWGvVRBEiOe)QvW1N{p9O8TOBGNNS6FVR*E8pr+Bm^07--Gqtt! 
z&Z%><>JOIA)XDp}>c?kmYePhGgb!K8xZeCsjjHg*9T<}nUt@b4r#=wDOMd);I40x1 zrX#3HZyb-*j%0#&MQ(g{Xp5KTe@_6sZBL`3C$$cj=~MTD)({aH-DMves@Pf2{#xXQ zK^d_Xi?%Da=UNb7wZ;35mW)!q8z(y5MiYPMY>t}ijt?8{0y>XRc1}nZ#vGl38mgWyPy9W`)F&~Erk!4K?~gZcVwT?9A{kSMLOSyDd|hu@gu#anhC-fHN;Jj2JsPBqSQD?!>Hu_ zWMF>e{1d7&6Wk8#54Wxs6T|(h7BFcA7-P5Zx4H0$pu_a5$ZC?h4XejuUkdOdfsK z?ff0^p}~SK)`$13p*G5>4SK5HzjF*Nz;j$&o9$|qDk-U#1auR@$mvce5n}-&jw}`Y zS~TFm(OG_)4|Kz(@ERiQ=^8PW^I-e(f-(9e#C^!%mx`kfc>2SDvyR^vR*5Ze@W>8s zc}f3Flt9VAV%y)>F$OACpEFz8@4hYC!mdNV?r38h(x7wX)O=bB8!!y0P_V}}_vrW{ zWhknC63(o)bXHiHMwn&DPDgj^?_ZHCc|*Zta-BEe!Tv&*e=!6FkIyfIwXLDa=St3D zfuMT}s!o=;%01xQ`mr8(pD|i`Fl(h+V$KwZ&u^;HQI@YiA%^D%t(!h{g)2^ z$>`|uwI~*I@J#rgVyD8Uj%9ckN0JjhQjNUzC$@{Kv)Bz4Vla=~_GQM}$AaUYE`$xU zVEpd6G&5F4UnJ9$&*h-7=%q(yh@~}<-H_iX{_xjzxs@UxDhq%Kff7>RN#86{%kulF zRxolZ-c@6Hj{IV{CN4)JJ0WE}3UK2C#+9vZ=eo^jpVYj- zWtj6uUgAw@j&Wq4z#CO{1f%J=fYT5~ZvAPH1knP&d@bkV8HVpO_$^^HC7nTTOFk6g8!`s{`flki&Y69A<|82TwlOhv7*uDB#F*O|eX(V_N= zit!Rg>Yf`WeTI4O(C}rQD`feb!P;G1S$ZREg~KZ-OM zOJtg=YXXmkL=AZoS{$c9?x!TC`ZzxRen_IUP1Df}h(VtEHx)ooOQJ?W#pyf5N7Ph~ zIFPSF!ZQXOK}}l7wOvCt zZ&hgwC3yG2hFf0i*Bs%6wQAOrIkrKS=Q{mU5&C8grx!y{4$0Cvk)_5oRzAfMBTrzZ ze`2<{;%od>6 z$6v^KXEr06!$wG9DM*#-A*R_P?~%QRH)7%_dcpag{n2!fX-$}R) zWb}t!S35bsaanbI#K#jERA2>Q=6xbJAlZ^E@XW5`sUZF+GS$8k&?bWh_KS>!9Piwb z((~Jjl#IL~B`ek`q@nclUB~rema^i6n6$) zrLAJy{(u4pCDkTZu5{CXC5gF_fss%r^)cCXCXyT5{XyA!gnxH9%JPU=cSo2nxj2bp z%lt8w82|H`>XZ7h_JTTS_)igHm-@S!Luj~};QED7RN!NQi0&Rm+s>Uf5Oy*+fQJMU z*9u-&OkP_sQXK_9qvBt%Fk$FJ-&NwQ^q90OS7NVK=W<(j69|G(Qao5<58t2uF)=$F z(d$agFc{I>GJw$j!(z-6o9g2FeN~L^d6&3wQwMU-lWA-YW=z&T{lZ*vsCb;7MdYbe zbR*${MHGL2d#Q+-e2XQk#UEos2S1m6<56`bB=Jtt63u4QwIS0BBd3s@xXlKcN%WHi z?&AD9YZd;+y6eyAypSLK#SLzs1@*eF{0^s?eazf{A?B9vU)+`bH-(h{B3Qd7U!W}l zi5rVOA9d=usJH5BWz|@`*XUF9C^w#H0xQb#6q{u+Gh6|F&3hYOsdq4GD`W;_>%`QE z=uH*nNx`9FZaC_noflNPHs!Q(+ZW7gDy_qsa~2h{Cc}V*EvCuWZ)Ij0p1L_PUeEEp zYMpAU@lPRogrD?IfxA#7TEQ~-U8fT7TZECTu_J%J|EU0pV3eZdR6S!5`+V;75WDZ5 z)E?9gH{YnqrE@ 
zzE-@j)_O^i6KcwY7X9rh#!`s0t+1U+3$z4ZeX-u@W=}Lgb%j|aSKwV>HE*t@WGl%9ajPnfh5LkTVNBJAHClC-6)yn1C@jQ~toFscr4FhK0 z@;-O}JOZ$L1ygcc+{s+~69O?KrE}r+$Bupq0(Xpt>VAjyyS)j*dO+e>rJZEUaY49X z5SIu%dB_mgq3)Qj$?Lb--L*`0`G}a;-MuWtTs2l!$jPY8X2Ceb#LxKm&GwV_|EM~Q zuQ(PjoXm7Z45~1*$bd+5%Lo-#xth&Vj8o!1WKt22K7!rN^ef#xr^fK{l95<^Jh!SE z0$57C4!@O$Rd_!KAsP*RfRDx8#Y98Tot-|?zUg&8NZE!pCM&XAbuP(eU%C!>Ymzd? z5+%F#{iak{(`|-8p1V1_?p@Da7MBKP5~>_ZD?|TFNm2CLZplD{4;(xNc}kva8Ams$ zA)IxRzU)o-g9=O)!H4^r^^nCL88I9NjQFxOEX!i%r|t0|Od;c~7i-oo^ll+Fr=slr zYEn%#S%^ZxSwk$&f4Qj}iQ ze|Uhj#nNnD`u(8gG>u865_^UXU2=MJhgj45H)ri;h#_<0zHuHZOTubiy5wy0+i0U% zQ6)I}p56JC0|lKk>S|r4qLKH{^E~LE`WoGzvw2w;Ia_b#&@eL6(nVszyv4=Ah$_O6 zlZN*?JG4q(Sa!3}g8oT|cFcu-sm?U9C})i>Uw0tM!HjNnkg!Z^7;;wz-@;?XE3 z4eF%FSc-0xS!$$djHefeGR7S&`me5K0sopN4X9eK;A)b#owgbbLQ6nsMJ-6x2VQ!m zIeCIN*V?AteXGZ z9HmMI8i|0aCLI7`Fo%dWmR^q1w(8cFJ{6m~7~2g|o;8pD`2z<-3yE?$@Vg*JW$ezn*dH9C(AEwcu96s@K<06JSubL!#XhmM|X z)(3=k93-I$sG8kH&qoKN;%-_I2L$}s@?S95LL#@zp6kI5oHpmvza3*n_j!V`mFQKB z+)Jox%Jx7(opYpnINEhHc!2chpkz%X5197bFxve6^ZG81CD{MC1M>?5Lo$4~A!L$~}GPD-hbTlt_*?$sz9HSKdpNWtl z4ZTTY4wWlj@-TIeORF2=L=ep6JWyhN_&gS-=;=;O|{eVd0CyMieyOpCz^?Eu} zwrKg89X9v-TIa~7iG-B4KJ_uqWY>AVtlIh;UL0yxc-L!F8VLCHveG)ajbEilJO!2FqSk_6R65+34zxx?|iMig}T_gB_CwNMXHvBIBw9*#oU8A_| zD;F%ktUdUKZbXEPYp_uN_l(W;1Dddek83IOU&M^+Jpq>;^$kK4W_(AY)9;s99sd1t z;RDVACpm4BTK#6v-gZ0N6l-favVhUHw}kH!0_ZXzDCbTk6HX!3g1j zQ|;%iLpxAvK2&Rx{%T*9y;uA;e3?dVCn1@I$ z#l1>72r&y=AM;O+C>TAG%m_GVpW|Hh8{TjHmf&Jt96&V)C^@$`;_F8@#z;y z^vvi85U&nMH~`1Rh||QKJ{U(gWF7D>6Cg$8DW-vXrD8qjZm@2%?fQhzjWDr*GyCx8 zUebZTh<{2tt;zFrnqx$l&^JMHQ$&)^#CUSfl6XpKcOZdSQq80A%^@Qd*+O689YW}Bdl zV3Sei-8}wK0jQ>@(ki2;G~m=Gp^?9eSF55NS)~~rnr}a3-CycynO^u0JTE%yTH}+3 ze57Y6j~F8i(;OJLq`i6baFL-AfSUUVkjt<;-CjlHyE+)kxKa)=|KreYO7^2 zzc1fJ_I=hmuZSkKB|g?-P|;JOA~0_pe!~50WH``XE0D}y<}vZFI4VP8W0{XUBl|4j z!qBN9p4mC!dYgHlBMkg|5$y*%&PF0Q9vMnGBb^N-5iv$VE7sXsUAR~{|2Rj%=+G5` zcKu`b7=Cz0+joxhmzJA3?in9-!*-x+2pODmK46Hl$Y8mJ*5nwuglvm&XV|gKZnTr! 
z^Dh+fG=e%=q(}!qiJZqj|7W!Qnb}q zfgAUcSy(0@6!p^wYmk~sV;I>=%20~|sGl23|OqC{JUPgu3Zh^n*+{x9v2wsu=pwSgFhg|!ZlcVU!%mxJ&H;3jhUpEr>jx{*x2``Q55tryf1Sw}@mMFS@PiIY=$I0kAF_Z)Kx!D81^^*HB0b z*#`96#&3>(vS;vj%;(a+8eBjdhV*XgKISmttFpF#z*$Qt7yCaUP{B%CxZVUBXVqZSd11Z7M6{3fC@Kr3U1kml ziBqG-2d2603>ZL_1>hp5sJy#esu4^LQ7FW)YLgCYQ`sdssM2qzJiCHKXBqLG>y#Z2 zaAuWM8pV_y2{7XoX)Jgf!v+yNquG71-)jlbYpuOV`k5!I7090bv7B?78f5l(}Dz$7|LRDTUi_-$G&t5iJ)Wvj; zPB0hn!rx!4W5waLexE(#0;sxoj8{B+V&(f{R^~rAbb*ZykKmz?(+7{mY4;cHEZu%4 zgR_4(2A0eVgNM4U(zFyV(%z%3ID=EtImQh?Q6`APyW$tt!Dw%a{#!w?|1j!1g_{AA zbRV#m1pMzXOlz#15Xg4G;uQ@ysCdyL2?8#x45G&)JVV;#rg^&!oiqVk(%Or%ieiZa zwRq;h>QQ3di+e5UpSylm@|?JeG{H=d2IeM%br_@3isIumq#yeFomE<4gk~ASQwwz3 zF_yh-Y>~T+?7NWx>SH?IWO)`}yvrK!GyacMuv)Zokc1y)Q5YHx#Ve9~oNMN4;)))8 z<}|x`aC=z?neK~13St>Q@Icr;^_HUA30G64Y!|b(I4?jhRuFHCXf*ge!zw0qDg9Ki zFFvY3mZ*=&Ol1BJ_* zm;3RIzhA{-4r;RqRySBXyn|R*2u&Q%)gK)IIm>{B4MdJ*YYz%V(r2j zyBJ)RC>O7)`)>(J|7gr+@ZB+FlCMweaI@ED5a9Dapp}V_E`~z*!*UDrXUPI1Ybdfr z|1=RD@LCl}g4`F3g!xQ1oBShG2tw(w2^-+Cd3TP;{Y`g6g~YW*HKMkFj5RUV*TyuJ zrYiGDUWP8T^LiWKDU;SV4xb37>R?^-txgOvN-3V_nt3)zJLxqe5Q3K#+{}BwKx=Ez zJmYiGeA^4Heo5GjIXJ8M#fyUJzNg|EeqanZb9-2NnD2tBGse}J0>WNpdDQ)pNT4Kp zlOq$@lfAi9PoeO{o8kTFDi2mi9cv4-R%k)m7TI_ec_f}bGDWBQiA2Hqte*k6qoyL4 zB1xz&Qc1l8kiA}Ddv9sGCg#55e(6mCd{(Gemx-#+j4P5a-@l)}8D{W)U@^3FGJy^% zNG?u|lxREKtk0f$)b7ZYQ`h2MD~V&Kup1cmnC0ohNfOqGWkj@!(d*O@SUDUsoty zcD*8Z7QG*Kg$^uKoVhmtgu!M1Zegz`p)@vFlA`1NDO~jnzdu@B1p_xn+E=o9JsPKI zL&3e);J+8L7}SfEn|;Ta-Sa~brZ%d?`(C@_TJ33dI8vi?+Y!%d3b2?jP+r(sUePMT zmS|0rdz_=2O+(xCTcsS$Jz!)0%)_|-gPL^%kKkbzo%_I(fg|^Nm(;Rf*30wf{l^jE z8z+A;4wz@%PiC425%b!=w1Ncx0hS_yNX#lx9?SyI9T#CR?D`0;zZss4?}%LxNi5M@ zIUK?{W|tJri$k_3>t!@bW~H|dBCqFYju2c@>pv4wUT1b_T`siY1?7I~q(_R|pd3E?Y3Mt5cAeN$}jCD7}`8B5m%;t&i& zSC$%)Cu1G6%GA@hhDfPRNtwh7O({nvGqN8Y<%!ar0bWADcutRc{GJr(r3ylSq%9er zecw@nRcNFJ+%{UWodPXh+`nMWe!C(Y!;kqUfvpE~YI#87uEDXC+#CN`wjCot+?UQk z!DLg56H`?yLnbotExr;-kCXi?p$1?Otf3*%P-z9C@5Q$mfoPg?pu z_?Lb6spb{#C(3_oxj|sGg8p^PL4!jlqO9X!e&yfBjOquoeNsjxA4dpFdC53YwksN= 
zY2PtmG6m1qZ^nj{67|b;%gTI|%TWyT%2r!ZyNPko{41E_9{zY+UnZiQ+&=_fA%ymb z?ia4DaI}&pZa79;rLAJs((pXm%xt7TPjJF17~eD-DsdO8l89A@4YBm!WX95tY}aoN zi2nqYrpoG|6L%`TsSjHY5k&G_d$^Ji!z(NE21C-Y{VtcXO*H#EPozMj-s7ZuR(e_u zPC#!gL|fadF5QY-(}%G8(1T@M5X)Pvp`(&B7N+SG;~FY8prLesu$xZ5psVhb=3n|% zpt{WhkyXrqLf5OT`z&SsDJW}g42RAfu!gwp(UMo`` zlr4k`ONdGnp`fu%ePS9^&7xtorCvwYHy9k*dR5Rp`>~7KfEQVt0{*pDz*xU<8WW7} zC$7)5!qg(clW(Gj^^2OLjBONzX@+UBc#knR6;fTVXrp$+2+JkpJ7)o5Iccdlpkl24 zg-u?+qHJ+pGI-SWMmY@%wJj|bw4W~=!9Kh(f+b-20x zBCV_ip`=3j>R>%DQQ#y8?S|;pekQ`N03Osj9!i2vmC;`!c(|=^u?1q{`?TQ~-gaFR zhs=CaYf2-=-@($lRAcR0>@F&{AgTv~RVECnt6PKh=*r&n>z0v}C+XB9fe9&@GXLu3 z4ZI`1IR)Y2vf!`x?x1NHk`@*++YZBA47UA~A^LA|r-DE;L0-gFpqT~m(gEdu?#id6 zr> zMz|6rZx0(@M}k$VS{xT(Ci{W-b`yG~*I2abkXXy}4QZK=DJo>z#0`FeU_xZUykxqE zMJmDYX;xrHy*Gf0$vX%I$$~CHM6V?bG8!c%LM-XpHDhPD)5;it#cm1H+v&8tpRxyU zv9dMUfT(#r^x0^9cPuAh5d|3)$gTCQs0CQ?(;6_Fxm6$FK)pQ;`I z_Ry4QGR!!F9%ioP&VBr+RZUN;W2&ZFM~*Yz)tpmc4xWF)!FBlR12X!lv|+Qq^jNrp zzx*n1=O+~N+v}!B+8uCnv;!}0T=6;={!i-9iYtm0PJ;m-nSs2tp}thiYz*U|F0LeC z5069CrdI`MGlwyBHkREeh|)FDvzuv1n}wV6g6!HNUv9P?NlYHPQJ4c(Xws*xIHh+Y zyAClF&H)UcJPYMM$Z5lAD^|k0jgnWQv#DbxSWgx~^bOQ8y@Rzo7RvGZuv5GKSNkG4 zqL&z<((^=$X_&@?VsuxepK=H;)?1=NU#wf_7!dxhYSk<&PTy7qf%dNzIiPWSpnwop zFHV#4VlF_|T`$%mOg5WZ*?JzcNgI<2spHBe*2L$LqEmfbM0wA@6e(Eo{I5c!0!Civ z=SOQ*hKq2n*T081R5Osi%T9yxPN*o|L3~&OtvK_NJiqxYnBdA(PN-$bsG^->XIv%~?0`RSIi~2L9TnGNCbr6RRPu<(Dm>#~b4$ zEM2}N{QQrF-eKJRxvQzgmbP~iaDkFR;4+qfL$H}xWM4H^W)y~FYwORDDzA;Q2c=E2 z5C5VPa>HDMMikns*LI79_Qv21R%Y(>6MbF)&KtXqhM@tfWQrcSdBvL7MI>6r>r`;3(amK&~;q5#5SG{%vtO`AZvgOM`0}fuJQp&%EEvlD@qoXF-IMv#jHD^7KFF zQ-csU3cc!ENQ^V#6$vy71OCOlKQ!s%7X6XO&!w^OV?pbMck7nyWD(FAO0p z04O>C@=#wQj_BxNj}PSdlv!~}_B6u=G0Vm?jHs60Qp4|ke-0wz?Op=p@+``|-$PSbtBy|`|26kULe9e4!dTtsegn=&K$el45w20N-3q6bXs2o( zESNvKsx||1_ZDrf2->)Pph~%DIjI;c#?$?#NeB0};q9Y*|0+^-Q5W~3J{*Ujw{Shb z4EZr;N&3;89alH7i^Z!4Td#;2vfl+PS0?z}*nsR$hn7b(xj1V5*C2eWJC*=@#p>ts zAtF@9*DZw4oXO^QU+p(5y=<#*7qr@BkQ({TNDJ$wGtY8UL7Ct$|6xHthoJ&KQfP`6 
zRJOEHauQwiu3S^Bj!JJoN7ei8mqsdT2$zccIb|5mw^}j7o4@J=^RfBwaJN=zHMXLj zZU(j&2!R=xYgXo}^9G&8bWc7<|1@Vaudz3q+poXgMbUmn%HJ_S{wPespglRsuP9*C zvEEmldgN;Fr>e|ZS#g|X2x8gA+4s+*+H!#cW@vu)uOdCXr`TDST|-;bto?b%a6KEN zJ6HIAM%-VakQcetr+N&e4rvI7K;tg;S-mhlF)+ACiKr%eiE51Atu96TFwH!gfK|xd z0xCo9@~i2D!#rkvg`)FuBOH1a@7O4z5rS2r{{{{k9BoVYOa+HQg&*`{7w5qK&A7B& zg!7D5mw=>Gsdrx%_oQiV%GZ(&T}yuRYCo@RBv8BXt7D@OXq7flu`uG@5Bqr=$d_|l zij)$JKEJ7d6BDpOOt{f?2~x4tmm-4R!ulKCKyuadb~~S%1IFa1)8kt?3sC`hS1pOQ4+S^gpQRzXv@0L^CpDs^=ZW03BGW1=dHdib^i9c`%ZLK{0uCqS* z^KbNka-p%{^ZlrtTSHT`!(p?dUCD0`{c_#5o^zO)w}O#3`x9%E`V;i^s?KLCwascJ z`}6MePsakhbx-N>ho3}&|81nN(f?TSA9M+=MAc)mqwX0+s(ltHiRqMi_aI?w3?bfoK0bW2Z5BI8xhy{~&k zj|$c6_Gx`Pw-h@2k`_Ghd9o0IITX0^PB;VB7x-?!ZCOqf%_vnY{OwwX3RvC3O z^apmAJf85*mz#cmTz%$uDjrqmspu__L}vVw0*XJW5dO!q{_il~27*?}TbcD^>i_S< zzKyZ(v`BzX5BK`+$Lx*YaSYKI-X5AY+PfB0nY#u)CzN-u(p9ey^=ql-wsB%G?N?R@MD zeGC%%92aSRMLw^;S6rzomp&igwOB9argp?Ib&OrCHkL%OmGP26I`juaK6b`GTxvE-)JQ`~`hYq^s+{27&K~X<7!2`x%A-?bW}2xjbzL_RhCjOyfOmJ@o*; zxER@PzzMj={l}#{3fBt`ioeDy7`LYZ5MB|$i!rgD_2F;I>R|^~Fpk?}A8aG;A ztlE#mO*XERPQi$)mkjr3S8*w6G4TxpjuQjA7Y@!6aw#P@2PcWq&mR?4CHxDZw5;eS z0tLbflUdAZuasGG{~1oM*Ey(!M{0%XlZGB^2k40k+SeLSgAsi5Ubx;X>+A0znXTlp zjS^*UTEx$nf=}xr=LiCqNWQo8=4pCP;{gcjGLf@#rtW*yJAHuP&9KArFO53O+5F2H zzAFxM>F9_qE+D`&&-Z2+dvmTxZ1Zkb$kFzzf$xhsutW;^X$V~@6DSv*EDG8B+xqc* zO>#6L;GSG%0`!lo*ZIr#o@y>59aueg`hqUEe6QT8^Sz4sKA!hC zWvKJa3@X1A02foKXv0-^9J+2KJ#WXUb5x)Dkpt!si3R_rRvUiYW?Zi5Il6y77=D_| zCd5yclzGznjS{%VZi>mKo^G|fR@}%;WL_4z>)fs~>NE{?`5fi@*3sIvwziIpCXq|w z5tAdYe+LPlOX$14&w0hNP<$R(@gF}OyK-ZZf390Q1N4N(0H zT@r2@a!7E9kKPOT9UkxaUN+Z7efhDF9Pmamcc-T-zQqoRH~5!t_Td6jO=Xg;a`JwybORD*KR}O#=F(`ob2``jd1OkkQoWE+vFc7i9ZZ<75w| zyMUS?K6(0+Xr6+ovSqkLJW$%`v&IaVD0OaI+%27|*;OLpTN3$agnV9|@HSFFdVMb` zn`mBk+ZXo7ih{=x=3~yXoK+?)5DCTn&3E1rS9Io{;pUcoqsZKTt|!=g2|XKzmYpby z>apjRq+^c3jF9A|mfw9MmA0;bmHD^ zwIPV^=q8E!1iSY+%=ckgOCjlX0J~==o;#T1J#|r$Z@S7MY|H*j#3+^7f4j*%hE~|{ zWkSn^)Y~%GIb5&HtI@mb;}zK3aW}&^J3d+B#6xRd@Fkq}m#gM0#{x+&ZOWdaCS=h=Cxjx9nDt$BD0aJ;00P6ZH~CjLpuA 
zFdk@R*B~ixYG^7(Ie^s76+uI2s_!-KWQS8;wcX}rI1goF= z*gHzO3=-@UPY-jJ2_?RJBa09~<9;scKRlaP*^K0;DxzusOPe~(I>;6C z%EbUUm#I@HCiBnmH37Sbr5!GkoloK&6Fx zFB6YUk4;6XGtCPFAP5AAF}mBid_1eiK@wpIp5Du`=Z)RDO?$zm+gPv(VhHpd96v!xQYCMli-CNNB8wZ zoj=4z@n^Q12n0pc9`wDqkcoQf3wwvNWR-{Wd-qTuPIW2+fBF)`6Gm{?V}n*)Gv(Ya zkhhiNhe}eZ9AEg0x8;8>Mif`%%ZPA-ewz}`&YK)L0;Ks@Lvq=(9}&(-5+0SGJ^Z7o z9&Lejt=9tHg$J$kagAa300K^Nb_N}Bvn%8)TT8F+q_b*V}0-R zbVj{@bseX4ck(j3NkBQ<`czye(Cb5;9QKHwwp&2Umb7hdzW<|+nrch99PqEpB%??D zv7dK27L&f!gY>Qnhz^b`6aHR2LC+Cu;PVE61AcMH|C8vEPrvaEAn}9A2HlTzCw#DOj-s=)OC~hGnqM*i|2;&~7UIL=B(o&TQE41>e zPxsm$uHcu4Yn`@U)9y)!Z?nJqOR`5_y0KmC7_R!gZ1WP2Gk!|dIS^_v|0J%+w&Ngj zCmyog6}+$9u5s!)MkS<*SR%p@HP*fGc(n&-v%<`IfipGS53^(7fm(w}fKQL>Kqa~Y zG$&S%#Y~Xv7el)=YGHz)71FxFVi`r8V-MVHn^b0#oD64Co94G4_-9u=>Iy~#tmMAH zF2NU?z^n>sbKQO{&kAnnrwq@(Opf?O4wpzxPiBH){~5>yriq>fV z^=o6i6pI--c$;1V#VIaAH0fAi2_hb%A;D?7Mt6s;{x6bpZ)~6NPNuSbbsCIBUdlbd zW@HxNa_{z|!xAj6un{&eB$SK8NWl~4JFFu5zs?42**>{;(K#E{y_>bOjcISO%$7ow zUuG+eZfj+;om21Iw}?uK3Ipq?cq1i@G>TFkOQDXPLoBD&$8mk((AQ&*!rGzLbw=(M1NW1cC!WAfvFpl$*5ye1J7iJb z&fzjDgOg;_1otQrukXr|@7dFHeP*Kk6AMfjXuxlPQ!a>hg-{AJHOhN@(CCr4W9T&r z6=T{_{}Y;;0o&x!f@AN#?la?+`i%Y-oXQWCn()~W!0GCnzRNR2J~Th0H5Dr7#t!O3 z>2A{2SFnhG57)I-FC;{t#9TrZgIZF6`bN&oOlu8hwe#6t`Zh{h%T0 z2drnD{4-}iR)Ce=l4-1sk=@u%@W4SI)L=8&wR~H+iugnvkdV@HYF^$;1)(oz3XkP+ zIk4?KnvXm1Tb}mVYNE-Xe#%k6UUEeKd2(!E23<%#<6rz-Xd(UZxKdA6!7yU4P6Rz= zxW}CU&q3sRXwx1cIPKw1@4m^PGR(Q#Xt`b&csK;84vZGLcB|@4wBgLJqPNA*f63(K zKU2htz7NVHa^NQPA&i#*#)t{Azx-FjR1hK2Q+mHr+dp@aA{<4+w1U#SPJjjDbK@~= z2H+lg<_i3ac_Y`Y-QE)Zk$;lBA2{MmgRk&`+BgrxXl-W7m}!{chfyw4eIwVFfM(r< z`a-jI{D6C^x~~*wIVKq^j_V|JH({6*$1D;!3-+qegxb-Kmy!KpngKzK4jR?gqrfMe zP1uG(9JBoc-XmS59=J>bevnQlLbNb?Dx_5K7U!|0?9?$SwWON?Ku$>S`Dyo#xXsP{ zl?a0L#q&omiTrJMv|Xg2IR&;2Rl@7vSQ}E9IG~eEn7Pwqwb{q0gkq6RHRdkYiy8^z zYTJcNgr!iR?CJEaLsynXT;Ix~Dr2Ug-qYZ1-dH{0{UqZ6Cly%X{0q8Tk`kZ|1?UAE zaBwnwKj?uga%JhFz* ztD7O2fj_L)qA2UJ;7tj;OfHT2RW+K1s4|ym_!p$+qNS39C<*G#nDZSX2FO!0h(G|B 
z0}d^h6`(!{L?c>#8BzXWzgVh_{z~aSprmiJaKhB-kYt9q^;+7P>lJa!`%twwv($q)!5#fdWt&cm;puKeh6LOILxISdW(c!LY&2h z@=J*3R{RU)kOcnb&xeoFc}WIBP0N!!Qp!jC+CC)e>EZJ}jQ zzE}X&b=}H76(ReN0i1_1FXQlXitW~k@*v=$&1&J2%G|U zsEhmzfV*|in?TldRi@^1$Ro!dXe({3Si~;T9|m_fgCip>nL`kpqdSF-McAf;)hGcl zi%8C}slSFI$pJSfh8~E>Nz2YB02(zM;`IUTu)F0M*YPS~a2WA`ZSxZ6Ogl6`dil5> z**nUmsh0|NG?oC?fS-~q>O>O%(ExI^mL_C?yb}_$UNPTR(w3Mqzap5BWLvmzk369| zS*#Vj_|zigiREV>r4N$JiMea8(3Q%yX_;&I+jZsT@He6J@^@AuSfNA_ossZ$2BPn4 z2E!a)OhmAj&_Toz?R!}TE^+2*OzcP0H0XQw_-)Lwo81GHBYsnuy=SgFKo2KqpWih_ zd<0B4#b2FIv(d(kLkNEAg%{&1w|7)BYZqVTLFoiT#9rv*l7dkDyukq}2w;|-s5-1x z2(yEb_uDKP0Xrscw6U&Or2Q{nnA|DRnMAV`sR_ydC>wl&ZCoin6D~3%>*wrD=e#+P zB@3vgDOxEkYwRYL2$8%aY7QW$NFVwIx5XG5VG0LWQ}p_B!-$ojequH`W1Dx{sSL}G z`?~_+Hse-11?|<)E}~(}SUCiO2;uGUvWM>({vex034Pi>^myP3FylG*0v@HITITexP^HbA}SglBAMV*jbXX2JxW`$v+8$3c$h1%AtXwuTqr63j7%S* zfq)KM{a3=!IM;iAG0U6*H}GFQ$ocF(O35U)guH>U{tz( zKK|*|SuLcC$B+vHZF+3jf0akItqA?cqFmOiA3tq+7SxU|_%M6#Eg96(rVP-|W~Xx0 zt|dP){TdV`s0>7-WwGLsB&DhhoiaBlfDAxcXx|$#vP<11ltwiF%l5M#vpg8!fh_s@p)Q92b$ zPHe84G4!Rrz{ks-O!LJw7TIUQsF%TUmMmUnbY6qp8C@XG$(u%+niL^O|~J4|J6PjdmQ6R&-3A%W+HN>kex>6g>=FB3_3d)l`BF z&V~FddIJ7MpBVXWM3&#*WLjBGxt2Lf&MUin;J^pfhlumds7mPB@08KCYS4l=!Q)Mj z=;+P(U3j}id&x2G8na}f5|@d7?Ri~{sq-1XB?aE433bqz(r`$vTmG_AvDK2HzH(c1 zP20cPmEHl-Z2!>_?=wZL52SjKz1v*J*Vm5)w~yvpSVAy|!Sw|T9>Jl%Nh9}DNL6hHfQeS^4K?Y7@5Yd{ZsY$O`}Qiwp`0-{%&@r*`) zzvoDoi*^KC6a0M#ZIV3oFUs|a&d10a^y^NkD|Z|mZeG($^>63Evds&VnF(kj3T zSvA^;Gl7M-c6@%Fpq@G!$u^6BUTsKTP%ULp6dRLS6_@1Z3(( zfsC>uJe(!Bh9c1ExnOZRL(AMEWgCpKMM_i@>%9q`Ibdu%8~rj(MFGRtjjcXZatU+9 zd+U7fB0+61arzFgBB)(b?hdD0-;na`xx#edMG;1O&a*i@Ks34JD6oTy4mJ#YGGPq9 ziL?YG(y1(_gr^N<%7?XOm)+eN%;W+60=u%amqL5r=FZvO&!ZatrH5m}S7Ul> zaFS-|rY|cWkaX+T4~cz1JV9%z8jpeZRHgLg-#i7(Dh9$fT%R??3paHq0#_T(BzOcLM~)`@Qq65j3Se{k)+Y2k{Hm#^MmGgq zmkE1;eN#AraoTne!O63H{$6hFk3AtCt=3m@%~nNDtcb z-sW1}vA};i12YCrWd$94nFH9Nle;p~-6PZu$!K!d&@9 z-bCUXxj(2%Fo8}@neG-8n0RhXsY=T@sI=>MVx{D*IACKS+|fHwCPv5~a*mVAeEIlw z3j@d$g`GJ!vXdgwQX9|-v+)#LH_u3<3%w~J7nV=@z 
z6W}K7Xn=2X)j4G$-Ziv*u4CrCR14E;RGLxK%$sRX#6XNAKHi`VW#vrvf&%cX!!=S^&CQLZBn#e9bg*28mVVSXAAs&Zy?I}uvJQ6Ih z4>Vm32#4U!;@O50`UsUDOetmQ6OA6A+g0%ZZ@M8i43RRj6B30~5k(6%!xsn}liclL zS@9b3VHCY>s`T|TpD{2;s^?v4$Jy7mIgZ5<=*r*NVgkp&R*BacTers3Odl99 z6=-~P9W_GB1S}ua^-#(wsIT!e?SRH7o89S<<1ijPQL@N`ryV~RKMiv{9Ur7_U~COv zy&*vC)zeu=bc&^0B3^1JHP>V40=jefH`2S9zmKuaYly1ZIoj9DuC3w~e7ceclRW39 zOPdEJ7$jgUwLYT`ZIIbvNxSMy5cu)n6~K2<({&i{HMhsf95|vHVNB5?o)P6S#MLhF ztbDSb+~tve)qJXj#P4-g9%qBWqgybl&UU?P7+mX5|59I7O%sr+gRrf9z~?yh8sfa& z<6Lmm1#0{s0Lnl$zlY_yb{QVEXF0}cCF99_zMg)=OJ*L<4$#Bp?{vwZ^h-I&FZs%X zjyL}vo!ip!{Cag>lzgG8s>&(Nxzp`fU$n<3NVc@G3h8JQ=FFp<01?Ux;J-qyB|oq%%pxN^->&g~1lY;=i{-wJP?cTIc5m>i-3*#yer z4_s#6l{_z8q>O?JFPAJT#xSF#5~3+rbPe8W!+m+Ig!`-E(G#W*cx8mn)huR!L>QR6 zu>B9#Z{W`M7g>+AfPPpBZ;*i%$3oL!<57V7;F*$M=zJ^Cq(0;2>g2T&?k@!QUxk;P zkR%&nk0~06d(IC(74(KtGrRZ(jFlLdWDu;tpjSQu9)bJCcnPiFpveGOG;tr3jS=qS z>8piDHBUkt*js|!sCyl{KAVH(ScxjAC*qSjDF=iGafvywpEwW!In|Nz$t&x}he?1l z3P~f@s=8%-#>&XTS&uz5d<)2q!ZiSB79e|`1g(@T6o>>Nblm}TRg2dom@RaaRDr(0 zAB%SRQGozesECB6!cTS~ltfDwE1%EA+ZM!1Ix(~G5ORcmc?w<8-XRITmz{&4;df02 zG8;l-Lg7*fX(o&~Q8Xc-yh`|!IFh>H5ek666GenY+OqOyeFUcxOqjG369}KtzFGpGSDqID3W>2_mjtU;N@67Kt0Xf5Fd z7Dxr>OL@_x%R|XBdf-z6nu?Erb<`n+tEM~W1s;Szm=;PG=h?)g2!5YHoxPv|9uXSj zS2Nk#p=U`n@ltXLt6V&yZ&{%2DbzAYlR}2x&2fGg|93-kZjz$Dj!R1%kfI`mNuht* zBPuHSN>p?#et(-dphsLq&o723OYD+7V$awRer(r1Utp{+ToZmog=@69GlBP87|XtR zw(k#XO-(6Plt8V<66Y0MbZ$fxpJdD_8%-6$SjH<8YbDTeSrQk3AKJIi7p_J4!L_zW zlW4K=3dRE*+IBV(Umw-gee9+Z!%AL zbWJAUk&<(m9D<%i70MHQR>7O+Nt0H43n3-Aigwa(x`ubJ9Db85!Z2SvLN>bUm-rpI zXnfkrXIY}u7vd59#K)wA$moB@pi*xS3ME$?I3wM>y{q2y>1eFzeH&vqh^EsR9NC_K+jZsU)+vuL^a z#GWm_KZ$k?2zi8ZCO%2%8-H5nkloAZ(S3AZctn_nul>6kUJTl2R%QL(Uf~`RdYT|; zqOo%&6QM&x9*Iu~NaIm&tEey@ajHz*3isPNmyZZ~S#XW!*4mU$rvx?k)(Z=@U-M5s zo)z+ldbH86({mNn)hbO*cm$sm%F>9pa~JL{@!zL@o7AbE0{btY%zuH;kusIv)L{JP zABjJ|Z5+@ut>>PXzZ;KzEn!^cRpHoR3|kl$N`Q@xmPdv?>n)9q291rCK~sd;1q}&k z5eC}%V9?Haj8!~P7RE;%+NVkBuQ9fS6}N!<;f;)@=(BJ?4L!4+*LXr6O&l+zXh;k9 
z<-w_W1oHB6UwDm@)FJ%f65)P5p>^mvX1J0Z5xJ@-B%5z76#c$Ez*JiA?|cqj?f5*| z7~;Mc7@b<{HM>cEzX@ac?$-#LNi&UcBKH`=~S+NhCLSm8ywxV1t!6g$#q*S|(e z-;-VH#QVs+bw6u&;8D#hrXY9{re^IEk2E~FSt!f`ffdl?!y{P>Sv}2!gUM7GaqUAt z06jnAa~IaBy#|}5c(yh15Ra&TH=EV6=s7v;2+yf;sHyPm4y$UobMY^(y(buV? zE@w>>Jljb4(atBJh5b|#D8ANjOdRbw5>4tb6+K6yN0SUaM_9qNK7njt3U~4beAuOq z{<3A1O22e3w2IGMtIOijA_ro{sYSND{RhD!uXw1-uEkg~=`2@tJYjvW-pkk^q>9P8 zCDxI5*zlvRv7zz7nn4>I!jBsBka&a62Qse2G1S8~&VP^)E%3weueGKMKTuX0$$+?V znNtS1)N#KiJoumB{sSD}3{8X?%KN26MDjvKn5HTXWApJN!u>aFJbK+ua>*lp2zH+X zj#C%gLpU^iiCDOYkdYD>q_4LBgi8@U7O6Z?#41)Da)0@JVc8Y%PN^f z6ygE@JSA*k!L3KK1>2mlD;tBdF|0COxg_+G^~x4~-}*t`p+z3Iwgi}HMKJlhXS*T< zjT8)R@Ti5={%$fj8IMpNYYBhR29es7S4k7{c_a(3XtK;(ghH}8u-Ai3N#$KQ2A$B5 zp8tSLKXe9;q;m@35&eec*DEb@#TWb$zV<>+!xQny_JUa*Ok$KF4{NL?xrmfAJz}z4 zia*+vQ5l?A&~4cbdkhJ9M1A6E{cT@h%b4dm7tdB(3b1&juu1l=N=~@K70vtt2k=Pp z3|SHj(z0iFz$0zUOO{3JJIlZq!5IA_uO82lW!}oqD5cNJOjeAdxn{m=`1|{r9E~vg zAWC=cKw+Xo*i`Ymf59UENn9R`w+>VgpZYJw0X<*f@oiVJSvC{;l0of{gO>Qi*zl|W z>57g8KW3cIGYG!2iK``@VQg4NOJ&%U=S1U`u&>;+tw&VJ1B4&i^jsO>B8?a4;t)js?| z=J`ABawQiocZq&g!F|j#w-0s2m&6>{2M#dPj7!Xc{lEcP(HgLBjr}CvnxQ0iAd}GM zr2sz45UE-deMX?r918dX{7T_%p#umkGr1vXG`ZFqAqiz=0#bN@1dX!4DUB{d#`gX> z>|HF1{REb``3N<6H?WMgSX3v7pY&a7%7;v-XO_(7Hl+FP&Ei~T$s0DAi8VBkp~?h< zgo9;q3M*970>a&VESsXq=wWZ2?50(;Z3zOkD?)KHUX!o6#s@FsUL(1%4WTL?HEv?* z*T>9SmsvqJ!u7A3(2-C~D8+97(E&XY<_f!rLS#ge1d)V3mPkKG4>XeLDzk9~0&4@F zmQkcdp6aqAnRqP!D-(jjTqkc?YlV9>zV4F8{Vyl@WLtWONyug%^ zH~6Y;2m11^jC&d{3ab*16L8AdliP1N|#=MH)_WkCg@ctX&9c!lIJN)p6D^$4{5Uczz>bPeB2j~ z2tSmfe9H>MmE^FAVE6^DVI77TDPzLuRww1cq(-o7Sl|iYw9;jk6TyJz-4l;0P(qYC zT(}Q!0^ASfQPf7mj|gMIGvgIX*!rcW7%KgEa`*(={GTLL`WpC+Tx$zI)DOFtxx}Gg zf*+%aLLdXJWFy%~O=$$PJ+^r;denE#Wuxkru}C;8+DMY4J^%a~qBGVkFxi;o`qcQ- zz2Yc$=<8PLH7G(9(|HGI_%y8+ozXa&<=(MItDO}40YJXF}B#5$WpC|0(X_wyh7{5_3 za{$Xs$C@Bd$qYo3Wy#}O6=mxq?8UMq?S3AbHbEoDna_BYZ1g)q6PoERQ8f)Z^h0|^ zN&;D^hM>S{-SRni~+R0OXm+)$fCS{5*Pv-?$ev;@9!o!TM~(4Y_5em4mwQ(l)5fp^PN zvxfqiQ=1lUs113$ooE)<>>AShE_;+vp(m+(o;?o%kEXyQZOkhk(QlRsjGDC0ONtn4 
z*!(*2h_FeF^VSyWTV0Pvf%>TP#va3FpOaCfwo+%vho*!S@NHkOE1>H5l$Zm}IRIAr zjE&@=3m6-W>lJfcma*z@#Xz(R!;&6HB)V5Q1FwEnI5wD2N5&y-o@*G(_)rpu+Q$R@ z&^Q-6H7<`h$zz2CDwqW>JcprwVI|JMo z#^UI56=#AUeL{={(<0>#kG$bo!#40^5n~l4K=MNH0MvN>K4FSo60fhF1vXJVRR^WZxGs7BSQ|CiboYkz#|kGveKE-VM;>S9%UfaX6MGE zhxg!z@%9K5qK~opEotXR9OW`kE~mo7d9{K6hA;G+40m|A{A$vuFT9(iAb;T=Tq=x( z|E_!{yaH?Yl8v0CtcJ>Hi$dmVkVWE=aKD^ud%l-Q2{suYbO`M}3=Dq|MP@v0)d?*X z+6hj2l|v2p<=OW)yo7=B383>4tJfkhWne0!PGw!xdMRPQiVTzy#@4?!M;cqXuT?m{rJ@u0tJJv6Z>S?RKs zL_#To6&|Ju2$=^Heeueae<-jZRw&b6H!Qb9pdZViZ5A2c$E0*Sbip56;ENT{>o=Nk zgx^~Tgs+VmcW!f8JaGO_O>&@*m&-_TLTYNlA|+3rp{``LDmxmUFwuc8UO8cP-LU?$ zuZh2nur~{J<9vi#yTv9#2zOaJ>9^F;A9qEkTw&Jf>~?6V-eI8`{x0gR;XA46U78S( zh)3!Rg}?Mdsi}A`^k8MJRQL%zf*uPQ(WaLQ!z(nrBT~{JK0)0jAG+RnZJ~zSd3LJd z6W%umO9g!k3F!8x>7ic=%~BJa9* zgy+nwAe65^#-$1jQ(cfn#v^b}JW>cAQ2=JNX?M-12o{e}Xu&mwMkhxejfd?6)bqda zi1lTXjn(jG7r2kH&PP55vQhnjJPl=|*BwkNKM{Jq36FXjO^NPAd~{*`m2h81BvVj@ zO}cL@MUSEq@35B4LbWkC7QgFD$i{CXKUTZ!cJ-HVAN~kq;ZwjPFjI=J6e`_^Xp=-= zjF1&5_J;fPnQ&h`lHw!D!hu+k>LeZ2Daa&LKoe)hd^g-p zh~JP8vLWwi!Ucw7;lv|BSf4`c%u*)7t_ibQs%TyGSpcmt0=?L0NfyQQLOd_)31ivx zoGZQL9-Z8_pvW;x;7xr8b6f`~Zm9T=zgKfzBw~GifJQ1(W zp{&WS!lF2q_2NwI;gN;kG~tnGqb)`w?6dW?|H!&%dD5wye0)-1_6V)$U8L~3i=HT>gy)LqWAgqMwe6HVTTBd7+& zNnv|7G1WEdtB6OUkx3W)Qdo*Y{QRv<5LPd6=@;*Zra!r&Gj8BnMN#(Yk9{esAMc`H z!!vJ1_gDMk5_6zA2f}BAH6y0jSSCyz+lRt74Tc{~<{R$5oXPBDJnn}wHbyX3Wz4|C zlEV+iffe10R}MdTPUUjY1YPSxg&(Wf_iqk~E7(t{_(P8}Hux>NJglYVH|mmGoVv0r z*&pej-vndXh`s*^a37jRO<^de@^D{clWT;rde@7wtF@NC#uT{kS2K|p#xh>BtDb|F zQde>wI1r8XmI>K&RGt`N5qxNTUi;vO$)d1(n&7_C7GkVI z>ZGWyf1UNGkGt%G8^Dj>py&;xo}GK{+tw#-RxiBXw3Ln5FT@-EQDoz&P&Q7$BUKK) z;FK`73GP#A$Roouh5gaCtk%(PA#4%Zm_;`F+g@p|ruaU~FojT4=t=JU@MF7g)Geu!EGLuQ9}zfDlScu?Ni>m7%Bvhr2niNP z);no~SDS1^bxI)b##&g1C#_~ZbS*>3F&VOnLvLtYM7>OAI#f^)R3s47MJO*fId2(j zoHViVd5K3|hQlK)j^a@fUa0(H$tlDmEUUX#F%eqLuUIaLU-Ol*%l1#&$6>83hui+? 
zvh&!TUV`7^O-k_&j>HlQU1iWC9!bfKiY7NKoVI?0NB*wm@Mv4WBlZ~acdu}%!M~&n z)Cnrld+@F0zu`F&)WmgWSN@m<`c?EB{o$A(72$=e98SOCsZ_s_Jc1kY3a?Ylem&2f zEa2i%9WTZA=>?B`GG1x@$eY@bms@Gl)}_g zWbCfxSB(uO@no}e>BZCoHt8O^RY4`B31!N!e%fVU-Hfs!+y^@pGgyu%rOQym4#PAv zxTxZA%!c^k*MRrCRxo+TOXN__9EP`s)h;pm8a}J&`~pij@%O=??AkvO+ILrgAKGt8 z8DzVRg04LLu(pN`mVzbB7oQZe28Qv07knbMyT9u--l?Y}^h8Rm+732lU%zpWY!vP* zl)K9?cqG|KzggONwKe3C$wqLs7A4bUBl1YNuZ*(NNqd~aAD)Tmd_J{bs9P9|V()Lf z-DP&oa~a7u$8*FM6CSwl%8`wdL&90BKde>C9_^59bVPJmNVm32w4ZG%1`=$B;k@|FCcht#KmLkuu~( zG;w3@$z(vnPc)Sb3+aI-Z9s@eLiGl(Jy&s{^%9+?`y-5Pp|U1L3d@iQ7+(21RuMnH z)OcjP;+N<$vm~SN7(KQ@@FDyv9$^`jpd*<@&O6gO6)pS{wnN#(Dh^{ZBLxDpNAYXGBhl$;^GkasIK1a7eJQ-ii&r**b!a!aIE0edG2JC$;XfC zb!=F@lJP173u89F$Y2wVSA_^F3!WZWVXThVG8xur(tzq{0T;aDL#cBd^ax`^{2;VY zYp3KzwrwOr{K!>r^e|q9A4Pq@kbc29;=5NTJc$~eyP~iU@JLsBqDOo4MIq1J-`2ZU zuZ5mK7DWxVJDFz;UPPEyI)Yk4{1EOpqDVF2Q6bC<+n}~fu93#RE!k+l<+n1zGVw^^ zgsC0@O~^zK<=FO+GMWmZC9GI{H5`ObtP^$>ydvBekMMdrGWpr&x|Rhn$R8WRy3q43+k$Mg}GzGwCA}!$~ z0j}&nT0v~!ny;|%bCX8tn?N3+VdO?X06;y7q5=cS21 zFM)nYkE(1+NB&K8PlSRd%d%KX;AqX4Xf*4j6ruKuC&f}UDXgrX^y_3h@`_RJ6z(HM zQIiV1XYJD@N_px2QdG&fgRC1>XB8s&=R$Q^A)FGvXQExLjqFoW*vvkYD;?b*dMWU1S2wYORkwNIZ5DV*=|$`lhm^j%kc)_1T94=&`w_?&+w4%lQh z;~HoG6{Y)k7;{DkV`E==pz*FcHNLfhE|!0Qb1aHkVg3WGs~Yk;2wYHnvui?rSgcK|D&6D57o|WR8Fylq$o0j_b6xSgjjSN6-e8 zrd{+~QD3eT?n6%tvQd|)+PzC2j|}&DmgF@PeUe2{DTJoz-1t4_Kqulr-c#O*sE$cJ z0673kdhD-3I@Y3NFJyn6f0DKDA=VQyX=P6!*RU)wjtX-Vy?9}jL(pn2suC=pK~O0y zOdGl)CnR573Eq)1vH%SsOVVT(=&~_mc0CGF$qX(6s9P(tv>~MYop@46PLP`Z5$b`y z<0au zOo#L*unt1EHYT9w)h?3IEM^!r|6IQ)(Ex` z*UPR8cqFAup0cvTiR>d?{qa|k=wqZyzi=0G2`uq8L2H$u)_>4sCdIwCEq3*P|9>tu zm5nh+Ob?zBV@~Ur#=jio9N>Y}Q|@nB#k#!PU3T%UC{ZIh(9A>B5jJ3;@JdDy>N?B0 zN$0qtvuHI%%xJqN=X{f?NFCG z`CE+Ju4L@H1A4*UoM)jWLa9{B8wn(`Y%P$QaH=ah`+nB#Jj|F7erT*R1_jf?eU0k` zVReQdVSS=W>%N2^Mi*oPv94qyVP%Ifo~|P?!}-*=CfJZyll`_ZO+dhy%x;>8QK`-q zpZryLbg0X$n$6^X9yGlIj{sT0B6|U{7X>fjz6c55%n$^Y`Cu&DCYUp-q&GZbEmN1V zmNGoie(m8qc3p9?|q6*##yVm8G68c*RUk$HcJGWd^FUBapdWCJ9k(zui 
zoP}(A+OMV_r0#@Jsqq#NgKv7Dg67SC2qYT)g%K31L~l>?x}oDY&%`N2zqZQbNPD(X28P zl_6j#jnDkvrJwl(0`1*^c>eYFbJIWaYGAeX`b{8n)Bhk8B%w24KVdIQ5`dufce5@_ z8%RQvZ9XU=YBWh=pj6o!9M)24%>fe(Cz@E$o#-jy!kPfu)9~ky@Q$}bme;lfn5aW} z^mpA&X1u#xYT`LM!hP}FkiE$^=B*P=(5BdPHbeB4MKF&?5`fxFQ!(qdCyF*{RMx(( z&_{MDmCS38xW@ZVVQrIm1YK#Usnwho?uk@ac4*Srt6k_4wjuA80rg;(k^}|# z0Va~9M?5k)ge(eho3?1oDqJqY{c^GzmJ0vjQ5X1SUgrdLku<_KJ){TBIPGzs&NjiRSS z&kyuy?PKa4S%@=`Tqv>OAZvkCu>Ou|Hxn(Z^+w0rp2f4PY%S2)c)k= zfmGMqtw?DySMSPGyr~cl9g^MwZPYr8FhSorpnmFhccv7z>|b65N|QWbSOGSZLT1SNuM#tE9e8 zzjP$Ua*^R6D&OTnlk7RFd^hoL1vK9eb3XjfYK34A<{(2GT zN??b59o3WnuDY}j40}!$zxVr0z_z)}{09)&q#jnbMQu8&XGx)gOpcml5{#ZFy^9_x z(kO|3H4|E;yx#;(#QY})jdQ6(X1d1bSYSQ->rBp$Xq!j*^tJX`bjy6J{#R<}h?dsQ zkB=Yx9MITO7^+HJxDcGt{$Cp#wPYL}i^rd_LAE`4{apoVsL23lcqU9!IF-hRj6%_K z80rZ2U1LKStL+k3%(3Zi9y3A9YKtcFDbAJ+XymGHyljuJNMTnH@+9aL~vQ6+KpZoAEmqn0} zK1D%T);{3}hC$&_>d;eM`qh8B#>XxL(k7Tp%deuzXXDX)mzelQ9$C0EeJ9x{+y`SN8$H&oCdZxtzpKaycnyg)o(g57>S?8z zk#P+edy5$=(=XkDVue91l8wSxQqPM=QlJ8w^6D~-rN2}UaO>AdHY%enJmNjkwTDYi zI2+7ezMfCJHY{=S6pHa>>myY&`ISTcxHIC*as=S=<5h; z091mUm-h2K=pX9SXX14x`y*@ulIPD7bb*!u>U|VKZV&oh*S*sGCnXW_s=yP>Q$^Hafb}s~FCt3ZY*NJ=!E#f>b=x zX1vBDdHI&m9?ln!xF#{^Jm(ER8zJnI=9m4!x>g}%*YFz*j3#)T+O%*(?NildrcE$> z_K@-6Q+DBvF8#z)LEW5Uk(3oj+JwO?!6IuOAZn7(*M49PTJOR6bvniinmow%hJO_r z;R)Wu#K5sGBc;`7p)GbIZ~Icr+Ny?AM$YaED2&PbSmk;EypLdzhjj zLrZr4PhI-)=W{iB!jFpSC?P$-T0-F>{Lpg_#`=w0@c2Fp-g2HESq~=!c=3fCuQ8&X&FRyY4SO$Iw zW0m+pw3uQjk2mAJp2RV`7IOcPCh2h#hjlO=?a>)9+MC)(rYhxI^a%BT-s2v;NJccZd&s7mv!p-!ej? 
zg|Wr-o!X)wwe^HT?HZJ^??v7@tU4*S@$m4Efx(R|0mEC>b2y&=zwrb8E=9V%=K(m?`w~;+C|{(+Mql1EYXC- zkPDq(`7XX78+)tY`-QZqJt5(Iic8FagM|Z3cj6LrV1IBx0zp!fqD==!OmV5vQ-RHI zAed?q`YR9uC;&BEu__XdB}f?G?^ttEurh#lviN_uADTmSj7@}AZ&wGJP^^I zJ!aJuCbwIlNnv8z6c8bhn*KrOrk%%CH<~5ZLJsAvP$-?Oe3}&4MvJ@`ah*25RhUN^ zAz~6z+61u&3IUTCFTny`E$q@YWVKT&^@4~W$!wvxlfQ;&ofN|N?-(H=}S z2yyXC4e5!y)-Q~%``>4l3 zlRp$-+rU!R%YsVOxmbqTjJf#4i@EPbCaldPh{Za`BlT_6Z&GFyh9i2^e`TKydDIsV z}WHlkqm!M&&bC^ne45LECKh&=c`Mp9JoIpGh`pz70R{RtVD+PA6;<)}+CIdCpkR znGpV?ycveD0k_wkkUn`tgdgCqP4sokNcqaYeT$!k`^XFMN}-EI$9>$nV?WCEv=48& zyl{RsG}S3AxF!!jxDGyuE>9tlWq6wi=QeLqPcTh1vaU+_VHm46Xw4{>wOu$tso-@U z;p`?G$4;j?UxO#eMmE8N?SDP6lIMhsgc6AC67|m-iK^Fm+O9kvWmhcnk28qBVoTVP4tMaBHAL^$aCni z@1gMp1EF$ZErsuOqK0Y|zvC&W^h-Nc5x zw;xU-p>N@>nTk*Z^ravTAbdf>9HmGbrM6UTLa%**By3S?vg;QI!g$pags;tUrI$Zt zLZwYXk*iqf4WOgEG(Pn!mtB4jsjBfL^}$P3fk5iY1iMdFpb#+emeSNz0wFXtp$G-P zZS0D2k=?KyugxNtdHG70obgLrWbLySDHLJ3ySMbg&tj&PkSAQE{+4$+uRoh04n3Ah zkpwl9ihiT_@JIryh2l$q>!r{>@o3|UARK1x3og6l8dq}BDug7iwnBv$-av)QWfnc< z(vO_sk`r&hpm{h#kx5NuFV;RIu%(#LXO`uuS;dyQFrP=-Lu>_;m90xzRQ(4mw`aKG z6E1-sli)41sQDpyE+LHYZn*PG`mezyMx6zZuxPU$EI|m1H*lQwn73PAm>?*&^YyJXezc-=>$ zjNm2F*cfz3FgAp-dyNe+jWHqo$YCrYbTTSs*T2lzxY8A0wA#jcYfhi0tYS>db^ZU_ zJF^%|uJVr8ot|FCgO?Z_8^_BSkHK3UyxTwwCSW2Z1|uhs$(X+d~vZ zAyO0|ipWc%C_xYfM1+KZC>ACjZ`gRjJN9@PZ{uag_Sn-s-CgNDYSMq;Ht^pgUeerWaTw_^un!AGeXu$y|em!Z0Bg zt7p;T7x=d7>)6Kae~N8n^hvf+9X#l>==_n6RR>j{5ci7?$XX2=F?t5usBc-H_#xA% z@2;jl_f5)8!;_)Lm2D9$)i|2iRL$@B8dF5S!ou>5K!$Ckadh0f8Pz+ZWu!*-5Vny< z)8g(Y8ryi!7jeq*SK)9XMrETB+^0}JWCCMAK()ic1lEXvj4BFRJ&h9=R*R3}!RdiN zkGwn67}IHt{UlQa=n3m=en+2cl2-0q`K#s`xsqo+eK3tt>`b1^hpg{w(+p`)BX$$F zgF^%@s=M&xFOuhjc3D27^Bt-)JPr3@M$;!<_X4$gselJlNrZP_uP9 zTQ27P;U)6nMSfTVPmWw9{*UffyzSLb(|CF8?=Z;Z$%nhu^!W`V_%w_pONK_KS}u6y zDM`~$W*??J&qsvL^re*J5-ve6=4yk=fDzX;_Jw=@m9pKzZ^^_92U9z=E?6fR@p6`I za;q1Yd3r8&-{z2IR^GaZHceyaz++YCtluc4Da%tFUb5T9(S~oM7N7n$UIqV`ymldv zj!{M}$}4#$`AepeM|MR&LMh=WeeKJoRtXzrDPWQ(>px&)?7Ue4|S=1^1x3f&M{vG&)xL<4GDCPefTe 
zGglIw3Ksf9*BBN75kv3O0I2aw`rtS4`uE3i>CW^v>g(y$)#K11$kTN@US`hdzI1Hp z{TI>uw^Lua_T*{g$H?26H?)GNZVwq+ovbNoi_hLs&EN6`bkmbDI1(NK@!}c!RXQX_ z%9XcdYPVWb5S=EyrbW-|{SP<#V+$im>gS0iFIFLs?we#1+llk4#mB#gZT!n9Ok*3- zvy+Sv>b`B(?1tVzV>9%=bS#W!?}ZUIKqF@p=g_D-FP@1IfA|~MT!g9MHO@H}?)oz2 zyt}cDGv^}@HXA;T-dE$UmysHq=zZD7*=P9sY1oer-VJ4An<@TnIr6#fEtY?qz!(rf z^E#NoS`lcCqo$Qf)ef*)WXph#+tN0^I_7rje=MZ zur$8?68AgS8Zf4w#5x&AVL-R?g0GkVn5ITUN#FR?Oo{0?B}=`PDbpqz6gWZX$S7z| z{rpbSq%j>*wu~0n;>QeASdRL1lTR>$3*Q8U$E5mc3Y7U5Wea)WqK_eHRKyEZ=F2?# zMy5XLiY%7wrje6On<*pTLv^;CLO%SKOlol8$fB-a;uzcx3NVUBC^Bur_-?(Hku2@= zx36hv#;8?Z=b-fc4j{kS^4HNK!TN3>f^f;C&hC8PXs3iA6#?(-*K$ zRNc=vDO2#*b@}aJ0!Ipg&^J8DQ8%cce1FnG&&F@nRlVioxv#F7vQ_V*RHYtJ1>kqo z3)Kzu$JF`M4H{ojH_*Lrq|VWSVS@5+<4T`us@qnkKW}Mel01y=M5CmZp5^yJf%IJ+ z`%XrU&>vf+->94WDMML=gVGK-AYCIy()&{9viFeASvphkiRKh*9da zV@ZE?V;d!t*2>a7XmuJ*?1NGtd;podj20>CS#(ssmpspC^3i%wETkN3i`6vTLhmcz zqO7HDoH&j2I84$pjb3Tlkcg}Jl1k%Hy02@xCAMa(+c4sPY;*V7PQ$&HvxCgDYPiy=+a-t2BEI zaj;!Z%NO$KOJRL?z-ULcr)^low1+;%xSxz^BsJ}3j?tujk6^s6LPqAlM{lM0tdf!P z6eIO4&(m|N5kb8Oq}cuB=pLioYNVP+@WFOW9pnW>FM2EHq5Mf7FEW&4US7OzwOh@cL6t zZHSlbVaiF}QQcB}zMIj)t`*Kb|@XtXTK64pKh7$kPa__uk6%XX?H} z$dqxKLj(U;qe7isconMmU^|ZaAio*u3H_m$eRRpt@<@M3?<3O!`hvDjB$d9FI4iOe zBhu;KY1IFXJJJ2jW|-dA+_%HAjp)?+_3tCj2WV&MyCv)#UWg>pK$R8b4HXn` zE%!||9}7<~E#&z3^KH{V^7nCiC|_l6_$`dWFb$<|?`E5ydcfos_0@+kG%U#bfzOf8 zcIMvShI`oCnA-k7T%YN4F@H_fKypbY8IU%}5JYb!#!AK@WMcmL7Q8i`ba^##C5y10 zcXhR}3nLWqWWAOP^czy1#i#FL4Jp1Gy8b)W!lSoDdFmH-U|{cu5yp(3$2u4xOEAiO zDHAgBS$QzhO9HJYM8?C@u@_boXR;vd*&jnb7Np#DCoeNh&k)anf&64JnWCt<`+Q`+v{C+4kzdj<0ij8R-&UP&k;th9)5WIJJ#$Vs5Ugi?6FDKlRmWL9Vo)QGKO; zymkk=fDs+^n3imKOUI`E;1oJj`lEv`3!SDpbT~rj9D7+cvF$qCXn%=D$MJjz^eqlE zT`W3322qjzKvyvhdtn!g&0chEHTBsYtV4xIz~_+Zr5{lhnR2L+ude<`oz~_VxU(6s|(lHO+;^5X7$P>*j`lh=F!PkSF>a1Nc1 z-mhQ330b7~rR#agkF9in$w)d=f2sGSXJPh^OYly3Rki7(e^yPLdQLTe?+@V2$kKB1 zkV}*GDd_!stI4Z=x0?EGY~y1~Z6nZ$hx3N6j+IOqC{wG`qEQld=uM(CyW;2gM(%9c z#*ZPQ)=0cB*e$PP$uAbkK59k3@KpDr!%y>+yUc)1hya35do*Wbup~GD5@K7X=ee#Sa?@dRefYm!m 
zPh$Pbv(6fSp{ZAd9!z3}7tu54L&x^uE9K;~fQz=h!i!bx-j1~)K zt)fa^uIBh?TGLZ9@RAUolH{#vtGxE%EJN#0;b|&fFgU;P;7!&1?f-z?#SljW0|v{5 zkm=QG)3#4wzVKI_SWzfQm^5P`VhIkR&q%}zJa21A= zktn5`zm+v$aI8^nrjdXFUOphVUS>Aqx#^NW#3+B5a;PZeg=eSm+9yU@LrY%!OHW+{832%Aw0w%9bc$11XNHm&=!CrjgE*dRgf-$2(T32V;hLp1AB|_hP;KF$F z%0J+v=WQgJ<1yMo`Q!i zo{h!Do(z7AnJvNF>quse>>}|J@oIZ(;uvXG;!hY(Xn(5@85a>r?Q2YJl2E4 z%Vrh&109Rw2D$TYE-0dmUg2y(OE!eg53ir-ee{3KMqmU-4u|G{^ksDQBgll_TS=#d zj^(BPc-D)%^7A;pIGZ#YePJ|c|2{f(q(9^x6-Lr&(y^sZ!q&XyArHNeQ=+g%a+INX z=*9Va`2P3qe?olZS*anVVhZr$KJ@EvRudP|aABc&TC(ULY>~VOzWj8fV{zCZ8N<;< zq-)ZKj&1K-V;iwUX&cdZ^~=w&SiNlHEigKcyob>HdTy|7o3HpIJPBUTg=oymHZqmF zerYFiJ&(xfY%PMW@3H#YMx1xZUL#A_HmZXYo3BRx{Ow=idDU+z-x29qJ^NmexBIks zXZ;DdA+`R@*XN4s-jFJaHH(YcMHb~d5l=~{UWF$hJken|Vs&`D_sI=!cpu)L7f1hEgL_$is_IlebXmqwM_{SutWheaOW8 zc)2Nmk>15;7_oWo8yM2}P#zjr(W|-=Af1P!dOT+z#gI-tGNe_e{VzB59eXe6nT z+r4k}RwkpE!pAom;X$yuZ`GUotHr%M125c1FYHacwA>7%%Xn#k?NG*42A3B`K4PwC zZ^6~?Ct&m|Rp-QCmQGt5X(Uio=fs{C>l0tq?|25-JfLb)p8c!IzV!X`W&+&u%p zGstro{&~KY8(J`{0werJ_2A80H3Qyf!pXZ@-wS!f>B}qgapX0pQYVWiumxUWaS^oh z%0B)I6180{yCQG#l`WZ_P+BDs`@pR!dxM4)@jolWW&n_hVEYPjE_KEeMvfvp|BqD- z^))3(192_8?T??XcAVe@Xdk(`78v&B@u&q}K-SI1dhx9fX8TSdt^G=ohGZ>kcCh(% z{au1IT;^l!eEcBCIqoMSrT^!26GLy)pXG~e;8Z(z91sHNePE0nwNAN=!we*(xQ+*V zzS(E!$p!O0`4vS9UZr03_}HO+u1Py>-fCCQt{nZl20R3{HPjCB8z)mhu6E^6CcI8}*uh`I?Y zPVRKjvLDY?P;vRZcGv&c6wAnMjKZXZW&?J@j+l{r??1oIy>bFp$ivgLSX|Bfc2@TT zUOdxRDM8NibB>$hA8#$obXA(Qe`R}f+DQ4s=;qQ_@67(Ja3Q7b+U7=3;5BO{G7P0Z zoQ4{N8e7(P5KB(ojbF!<((52Eti{|l~#3|oB^ChJymzf9smC#$L zn}#t%bJ_(-%>n0QD77GMxv6u4lt zpTD;!=3O{#q$9vRW5>j&VD)!Fat-3dU4Pa4K*m%+=lsNwh+&I+@DMP7VP7ntAgxVgOJ4RzpzO`-$&Ne-MW z$kI&>j=i|ADKjJ2_boV}hAqMA5AGShY}ZiEGSrPmXx`GjQXd{YiLlJZ{swvCvD`~C zHhrVc-v@%$s5cZzoJ(R<^(0xQ8vQ41BnrT6%q*ew2*o;Q{OMH#$~eGMpnWLv@&~I( z7&E2ciZHD+mTPEGRP0x~OR@|p4C?EtR=Ld@Ff4_FttyKtS`At-?;CZkfQmu2>tAh* zJ|qojZGLY#)D!}!_}$Uk4^a-BIA|!FXjEdC&OR#pS<(bT zIavQB))RlS742rwrMi>@3^Q+#A)VL>uV%hxc)6E`Fx605hKIZFEkO?%s;6t%{M}wQ 
zF)-ibKI&1Pbv!)%cM{{#jjGgqRzE7Iu-*A6al6IBj_MP7t9rKh=7X$y(sSBKjJfPXQ-Nx3=6m$F;W4(424J;o@7!Ecu# z8=W9K|N1Oj60fZ0w54&b=~QP-BBS`oVozQ?*EU&PaAWX}*Gq+x#~s2{qUFrE-8Ten zKEmiJNpYo8yKOd8bx;}+t(T{rS4q)vhp2C7Gy9U=X6r;qVyUsa=UyjV8JUHI>%s2> zy!K?)DN{nhrzWzV4_*UR6}n!uKGsA>%o4)b%IVL$Kv6@uPB{=rX3$$+{k*X(P!@eP zYnw}WSBWwx-&NbS$g#Hd(lDa8-{1Zw{HiS4IX=3fcotR(mR{Ar9Xb3#KGcBwyp=5` zDmGH(G>}o2GU^-bJU|9q>fyu;b8C@v{n0kbVw^<>H{5NRa8B)-)0NzojM|w*2QPaz z!yo^>p`WP?ebRh#969IK!ZLbW@Wl>k(Y)y9`Sy|Z7=UdrE~*`!>ViBOs~?Mv8IBA; zyT-CzWlvXiyNtv})4D?u`LP_$9Au~-zK06|a_{l*&7-%gZ%b0iqKRipvV>E2!=h<4p4ntxFmowaf_GSEpz}H<^Ld>8LgtMvKE}MD5wCI}ZIW#k zk_2?qGkcD5&;@n9~W#<6p1jHHmUitca!& z*AkxDD+}JXR3zg~%;P1jCT-M$_b7_qeO$6Nxy^dnWZ6_Rmy?!O_YKtm#7Mi_`vU(6 znSYeiWnI6YC+*Q1;u*@JNkTy$p)7lsn?A?G`Aayxxm6!M&RRHUHobr@DbtLgx{^nL zzV&yf>vSU;iSB~D#TcQL@Bf-$nkePU4Y2~WwtxMxOFE%$ei3q`Sz5Xy0MhmQH7V1a z+$9|!j1C~>jMSzJFG6){$1KRif)OA= z?~RB4ebecMsTr@%Wh};uKp&f|@22S>%xJlt%jZL5QPEUpqePb@>Ne)_&(je_7RwCY zWEGH5w1745{aoI|J1HGGer3dh_qV_-wwg%@vGT=4nmb877w4U$^Hx7XKRSFvt=Z+` zQMEZXG)kuxW?`|ra`YEW2a}h`p2N{CO{f`xGr4s_?~XU1Wu|S@62Ptqe@W~g8|bSE zo*Yh`TB-f zH}mz^Jbto>8pcHDN*E2U%I|Mkf+zu*50=V^Rx6ogIFC&Uw!J-FMudaPJ1ImiX>aG?D&Q$h@ox-)zvuq~vr>@#8^z65m_p}^3YmnXizOL13l|F;1ptAJ zj7-SI;;Vp~r1U@Je|y3dR&H)i0<5ea9v&>oKotp5`J|G1d{jP&2o zze5Ee2(kXpv;hzl2WfS|z(m31B*ip5!O#6*O^8QY9vf@7vZ>b?SX_87+ZTM~#A%@* z;4e@^vBZ;Qk~8EHf}lv?$rI2Z=u>g!E8q(wZ2ET)+C8RR(wM8YUq5?)dX)5NKUJ+Z zmDRi&CmJUkyJJo30$HdjScF5H=VJfpDbg|k>P>lCUAHV|GS9} zq*q%;|K9}v?j6%Wl*zhdvc)+3zi7h$MFac))BJyB4%jziw=a%gAEVBP`uuxS;cR*i zy*~Xvx_TqO6JWzVuV-GIl*jAic=UXJP zl>g1miwo$L(Uyu5X%-xBdHZ*RcHR3u9)3XE3{I6&rC@8`tpumls){}_ZhODL2d6bElw-!JOY^sn@oIVhz< z7t-?0$S~|2RDxC!%h0w2&4LdR$VVy&;h=t0yXmKGydAYr6k|#eNc`a=65LbF!Wsms zO3~lu{+0(Wo{V6SLXs0tc=^D-{F?o2lD4qGXo)sqIp@{?0bIb0u=Tup__1T=e!`%# z$}CuQknsfhliiffoVRA35jS55gSLG;Mp7#HqS0zespCYfSw^*6mXmQFywR_fXQEk^ zA6)9Rzc!s1*t*?ju-STEm6lDSPn#UKVmfY;U_^_OSf3+UxDHa`@7!IAn|sMFjB8Z& z!-_bmBwZRmzM`$7IM~XF=%R3LUzuGQ{BH9f3wI4Ky0b&C27YZuMl?0<$EfzizEoaky2~CNx_*5pzy7A$1 
ztE{@A#Bpt}J8>Xy`mCFOj-oO#SqmUHx9x0R6?PPL)$wUb{pX&g`XJbDSNs*aOl53oklV-+Fr zSLr%6c)DH4^vaLu$LVA$(AAjsRLO3Z z%i%ORfmow>U!`plS>CX?AoJ~=Io9;Uj$xw#%hCIZW1Ynpv>(=Se!}S72&yF-o^{)Z zXB!_Y4YZSTBo!RoAfCek&V!QfSlOzWFM40yX zB%QXhLmd8_j}eNlvkFZs&ofkJJShoaO)#_cs!9?_ukeO9K8g zA6F^q{>js;J3F$+hjty^_Y`v>DTYKEadZ@~h85T~CE{-vSA?;Z^IdbWf`>L9$p2aO zUl<@@4U7+O3#o$0L`3qrhe8U_9g>zP5Q*0=e`N1@6Uw`|3P-)Uvn&irvYE=r_gy|QQ57-C zghNz7I_2*e{_FRXC1Zm{f#VU4T0@E$+%MVl)21q-7kU;Tk{9i$}-Pow|@dm zkh;6gHOM`PbV|XGuSiEn=^SxqiW#d#n4Y^YdX{?HCxtUL$J1UQXC@1n{&`2xFz!L7s$J!G(E_&ce2KW7N+|!t13T1pcu1kn*eRbZ2?NxJjLTmP+&u zE+xMj6avFXOj#!= z2#GcHCh1zliCr0K|FAP8WRJDi(M06sWt$v;py#i2CRp0t)M6BgXmu@8@K={XS?p^S zOqw+yl#busv}O#EwJyjRrsfqEYnof83Ls+D1R7(h-&EDwCa-+w9hcRS`l0)*6si6P z#vElX_`+Rnd#)rpRYXqvY>3N2?1#&JOkqdnx0B-5PETP|8O`GJx+-l2k~`VJ^^Jn* z5-kr^nuoU11kGV}z$bIB0Ol;QCbC*@xlz6{ARF5Ah)xZq0gSg3JmB?h=18l<`}$p6 z;tTe+h$qdpaa2o)n8A@FKd)7}iWfUX0^;P!7B|wio+@kFakU1NtQ+MtEXhsK6W)-) zmJq583hUlPFJi9B0 zY1PuucD#w9EJfGjpj7ro;(2CF{{RGSnT-FHo6|pVj||Dc=TN6I z*y-s>TYG|$)FA`cgI69Ipf_g9<*}T|)$v?{&S9yR(BmAu~_w(-A=1g^h;xjzZ zBad`kk`C&|8S;AIiuI|d!2r5y&PzQNnhzu37AVH?&7jxrk1l1x+qbkg;01@*v+Mpr zjjn`7LGklG;Nz@SYeE50{$QW`pvg(5XF6nin==?~Ksuhw{%ps6k#)3Yj4p(n$0{4a%Mxnh{fD0Ku26TM)w!%*5D zzW#hqlSTvw8)ahwrFi0e+Rvx_C6~>VY70dhyF|9MKu=pTsdTZmVv4XL4|yiqDEnuy zmq8^al>trg_u;9{mR~NTivt{p_NpP@z24%u)x!CmZ_pfwP|FGfHDX@N!S=I?VPRU( zwZHp3A86igl`(iB+Yfo?=AqNNN?T4y(Z(i{quplo3*TpX@W^7k$k1&I&^7%``ix3} zu?8S&UnJ6QZBpslB;7I$8aHSbm0nK%mOiWUdze$q^R&&iTh)rW3EU31pJEBa$aGOcpnWe@;VP2d>Y4Jt!CZTfxe?G@o z#oj;2uQ5zdZPIw}B!#fkSX-oIG;-JL1VRB>>DPAaFHv+v+@{35 zjxR|@gGUW`{==MhyZ5H1+u3Sxxc`3dk9^o)D7{8^o^!8*pP$bp6aOn^pBCAHn9k*3 zPZa(YYCSr}fp27nG3`mgPBvD3Wv+&0F$eRJ?s^Mmgqa1XOD%11^DuoP*~Q5k14IHoc{cbx7!F@87__K_G42o|uuCT3 zQxM&*sciCfR&*K&tu>V!($lOD<;{_P3`GGL!Jn6*4a-9oO9JRR=$xW-@Sm z`y*%`R`@Yk6i7hAB?@}bfW>bcJlg3dlJ1vF>IdWKYqt@+JQHu+X_0|mn!QD*(Qes< z+%wWOGd#fbHu6ZbEl8;Kp8I_W_JGchMNuoy>(Vrr3r^c>=!g**Q@28f$2fw%#uinh zEfs1G$8xy6O;Dw&3v}ptDwNVB3QqJUcUs%F@I&L&WB8-YPn!CtHIaO1o)Cu95LZupCPaASB#LN 
z#3F-v>dPPh@;!sDWb+9Hn({tkuC>3!U)PY;yf?ol8Y`p7|E=fO?QGZq#R=Gmb@g;= zrlVsbxr&Cc)TC{(*HqiY^g4S$U8AlVc`S;ym@M#QLE6jvfCPks1svg>PR7M`NGAm} z%Uh7uh!}DDXzn6}3H|`aSMO^inVGCTGJrt&XdYClE6X5?b4fbL#=u+9nt4Pu#Zn~T zZhDaU7VeK+0oIAUi-kCaQ|ZHPSN-S|A|lV!NnbvyKXY=t7_{~bEf4o3CaLDQf`Z4S zpK)%f7W|5`5DoF?vP&U6-1|FhQC|nl9rcZeAIx2+NMmSVM|r2wt+na>{0p=1sCH|> zsBQ-H!|i*Fyaj3~(D-xPx8tDnm#>Zm2MmVnq+tKq7r1&6Pv6S!MjXFP(8xoI8QjK@ z(`00|>gCg)a2k1zzj4o1GbF0eyLY-=kH!3=m9P@8`D(WvI{=N9C<-wprg&G%{dfois=%V@^m zEer1G=MDeZ9RSL5)c10*+GQ6bAs;tIgv5!nq)y%B3jyhDcLh$R%d{Q?lYkEov(&ADL%Kz zR;I^Ou5x&d!gq;(=YCV+{7L$cVE{yk=Bt#vRUF%Vg?8q^d{xp^6M#eOQ(Zzsxg+cU zJBuT?($;B;L^&0A_H?p$ujyg3&^qMRM8yfXAMTAzug>X6q57C2{+B~X&mEL993sOd z&*ZNSYB*ty{SgbBPoz(xWLCl3#*{Q+Dd8qu-pJB~F=RS?YhXlfsXg26d}}ZY<3j<4 zfvB#v(=!T*9<9yv!Wu<V^*}s>+64zXF098kXm>cAf7Gr_xWf8HsE4i_R?UX^Jq#A43HQrs%(FgDTErf@LJ!~!lRNHZz!_DO+Zll(o}i2JQjzWq%Kx-` zM?XUVvyay!WVNY>89aZoqxGku82a9pZnYR_Ukt%VnyziwA|m_&rtWa4OK+$q)5Xk@ z`air#`x>dEHjofqD*#&klJHz823R2lPNl#i})8U zF+m;_rP+d72{ieLa{j>3ZPmwlN_aDp@$JI=enSm(Yn(oyM@$Q^L!M^p>!CtkWH!o+vzg-R=lOQpqUL4#B~0kyL3eeQ zdFhE{_YN)wA8YsQ^FB!EeoG5K12&8j+;>3z75wrygTl1T4u9l`Pbl|VOSza*uY2A` zfMtvC?jn2Dc58w2WP`vr27(gONsNWK#7WBAx?nXL%a(;$52k!gz{-i$wyEdL+bn~& zSPtq`l26@)>ED1|HK92*^ntU^Pp_zVA3Cd?S-o6YOGZ|u_~APlUI~lZ;iD6YHwz1@ zDdA5&8jl_|2G?+^34`|5rgQ%nSf+K{H~&VgT|*8)V8>a=O${wYIYqXj$xO*&&y`m| z^~TR8aU4St$e1&WHnYnk+oOMim-8WkwCsDslEfg$5>DseXnz_rHzCs(c%^@J=f>D0gf-CgO!q<+{Z^y7o(cgC$ zL7Y59QaGVbsV-JXYu}OgBl(8?W97B{({;Hjhpd@+W{`qjtsr_S|yyz}>=R9}&3r?;Rq=q9$AU1)7fK+8~iPx-x0mJ_4f*=nZx^@&$|K9)DZz0G&^y$0_^G@{)!= z__}Tx5o@q;pjSzIY3dU6H_XupTmbqWM!|yE_gr-RGc>s+vcx^XSOMkgh?oZhAVFY8 zfN|_M-fl$0f`(dH1~RPhhrR$Q5>d@J|LJH}4wpuXQ~e zN!6J)eMnpo>xqyYRp2l9&ogT{@TvEv=*2#nw*9;~j_Ir-%?4#y)Z<1w>iFZz*r*mi zv2Yr(@fOMXP*8h|%S;k2*_r5#yBvEp3a-4b&{24H45OzV{M@31?mu|4!o^7HzK(m} zz7PBNKTR(Pe`!LnANBv`)BMAkWezxS<8qLnF*$X|Ykl%?BC)AfxkF}8wa47c3$4@E zV=mnLan#vTo0R{lYuVLcR2LsR=F(zzF{NWF)3@uB``T*HJ?thi`z(Igh z?GhZsH!L`3z(M+2We6ta50U=ss6S@N;Favw^wV5~if1_X4aAZcd2r3HM}@n62Yy(y 
z48wK>hGm>}vG||FSHTr|AgjkcT3B1|GnpX|jYKarZWI?B=3512dzzno z_NV4-ZBo*+iu$YsYy4z>4>ToY`Q z`Qivs_dhqWq1IiIuj;;U9x!3`}d;_>la)n@=r51FXX$q??aPgUXpdjU8OtKySE-kch%H9 z#6Ex^PH62hy>-aJQ_cM*AY;l;)7;f+`(X&S859HM$+(Q|?jEVi^T0)L5wqjT(MKaxUx&;*Mq|7*dRvtMy<$1Ls$3PcvVGy3S*e3t8_|=s zDdI*kL@m1%Q-!2%}NS=Ht+-dkTj6+kp{xRS87C@bW z!>u$Ru&Ms)^`d;;og6tUZr?V92mQ^+AShPla8h|Qe~mpO<35>aFbsBg&)d8+4%FTz z0`x)^%0Ptbn4zcUUQC*!@wEM)mXrjc4;1KkoBcKnFr?}BHKT8R?gU$D{uSsKWB(}T zEP20&j|Q5E2K#d|cR%wnPCL!!_g_r>=5{>YqTLCuUGh8oS}~T{lxjOMI+?k2SNX5o@NNked_`Ka5P(9BJp$E9oe z#_1wDT#*=<%H7i3^k_wS}BM|e8 zW?<08a4EO21Dcow$S=P7%Gz6W>oYF16ieS}eE}?~n?GieC$?n_bUn_ilFHLBMzJRG zTDtjreI1s?<%Hm4%C9$_&N9AE2C&sqF8;u2^4d+%{Nca7n<}3mYX?`~ zb-iLf6l0X*X!Y|%yMw7L=^WA1a_H}-y07-LQjZV@Eoio4)unF>dsS?_e14q_$Q4m) ziK7~JwJa<3Krp!d=9NS^ z{(jZS0drZvtWtIyy+JrECh&=6m=3-Vb1L7CayhF!MBN0IF4jjeYvWw`I>9e@JH`4d zRj@vrx%`M`QsABxP)_x+FvyLxyxVo?uq>5=7k^6lPohVX9Kv6>OBpwxR0E-M%=|+V z;gCKN0mckN5a3XlujjEjJwiy47?TnPjrP^7g}%-^yilq|9+bjn1ljA-%#q7gD;uB7 zr*mZJOkEWZxP4<0&$ChvV*QGbv$R785Hbyh!cJpPbfP=dOO!Tk7J;mzAv$ok{Mz0b zC3d3Q>faVG?+Q@nJ`ArN!q_8%aEBn+f2o9vrnH7TlnliH`AA*TDlCi6pNYAsG`yr) zjs11Y!$3c8R_00lWoIFwi@Cr0aMwUpNkU}=z6V8L%i*1r7v#lvFsqXhT?F4RsrJDg zy6k9ctnT*FVa5m_0AORhk;Z)KI#WQT4q8!CU&pM@s|pg14agl3aj18NF#8(HaaiGY zLtK+pJ?PW`VgwTq@0j8q)LLvq2878XJusmlQ*_Wq=ow*bZxNE#SIHvr;r4h9{=gj( zVpnv|WV6Q8bufNQ&(2g>re7?1ReX`%B#2;6&@yTz-JbOXs<);W_+gqWvg+Yqk9`Jp zzjL990F#jVt(~n;>x4W`@6C`b=JraRT4~IMttWyKG8O43lKEwjk|(IQ z5Q4C=RW#VYMMIK(d^4&I={NtH^ptaCQg?jP|CJNV=yL}d77>Ac>}*04TTT6}1+&%w zksTJBAfdCj1qX^&W3CbUYdQl3A?d!W$OQqD0VzeW^8i$M+%RjAT*tP`| zMrP;D;Gk%FmBSX1es6x5XsmatT+Qh2)x$=W&I~i3K;-ot_tgWl|Axe@#QRxoA5L8E zx(q^CRjOtKD%3OJXiMExI2j~Myb&_SheQxAlW!zuoh~ncw5+8fRB!wuy-_*GNVRgf z_@Z2O7E;EH2ywgP9nh)`dl<`w2Sso?VD#RALwh@*8Cb!E0tbc}0IQhc|q)wQyo z$prAepZ(cEv_jHrYS(+b$UWMbE+o;`OvXiFSlbMnx2`0;*3!-x#KM&|c8&JdAAsA`oX;e0{Ar4yJKqZ$}#Or+(yIEqLg*a|H`^z>cL1~tGIVFe|7 z9u+VQCc(jQo>2EN_A>=_rT4=?2m*%!pitMdX58`PPysEcBVg?V&5ODr`1nYG7H(y| zAybTR!B`m?1_o8qqCFma@@jTPY}^p4RRJSjSJB1 
zfRYe1b(Dt392nM}RTkrb5$49S`32Cs*XlCQ5iFwpH%D#lzTmBsV9ir}iyfsCaC^Ux zMuh7@eqJ9|8a7&=8ilA)S8I*4&La6o`J9)*_ z31_TA++R3~f4+3yWjR+N)up}cT0*^I{H9q|JQ&4{whB9#HcPsUiXc2eI%@lVz2~Ld zyVj8(F>1m@`A?XmH$E_+phh_(jg$nbK_2Ju5vd>$>h%8i{%4bI^rMJUyUGAs8zr?V zUoBvhI=)v+OcoSae5+v7AR`xJ@)BV;5RsW8FVt8etX`U53Hgpi>h_-&G%Hfh}jjKn2Eyp5uMa~yiAj$fZ z(?BtH<83IS3_nQcBeX&2eyKnf1qgP#82Z`_ud%T+DYdKn%7_rAJ{t|K-Ilw`rXS6z zAqQ4OY+3cBL#qdP37VkLY2J~bFO?96u7dFCaF=ud3wFN87Z-CkieI_7LGsCl4v0Mp zpGB0zm6-eaD561?nMY`yat{*Iv0|?HxR>Zdd0K5b`U40R?|AZuKOiDnp?7M&z0RU9 zHp4en38r5oVe0V7x55kX1-byg{-&CdS&w^)WSAYNB86*?2__bEE=zYm$yKyZuJAQ4pX>bQB8H)uVR9w&3Xt%uc|Zw@v`C3 zrJ-Fc0?lp4xiAmdRM6b(cl-a;T%ZxdNybqe44g;@_spu7Bxo21=8>8yp%{aUxyXw} z`OEL(O5o?d^(YYcsS?-?7fg4#0w!bb8goT%|=%WSh6|{Sr zU)Xne`ZhXZKRdIZ3dH{iX$)_ZQXe6MhL~5n}yN7&VCg)KW_b z_n58PoHCpIGO!9OuAg*|4rSVm7#pOvreWs{)&jCw25KaS)S%0GDULk@yDGs|S87)r zpzNE5DDnnSdSs)|7JzlH^&5e4Bm#C87nVCU(;9a8MTMQp9b+lREz(~X*+Gx+k^d{c ziuP8$^y~a&NjOJnSS=*P`!X4q{j(>zd-1{p&eO!7I1xIx+Ng1`tKOCdyAyHpDz6Bt z%i@gTh^tG@^AJ3$_M2m0d=H}{B*L6J*TZ8Jd>}7jMZ{h-$~a*1$&LsIIM=>|El&^% zQ-ZxP{-0M>GH>)q4k-rjz(cD`7r3N8VcSpx|5GcuU|Y0%!cqo0LI0pxV@9RLnIWPK zSYv%!SKN#fBJ47AwRe?Q%7~mZKV=bw4hh@8!Slqcji+8JiL5mQa#~bZkvGi6tjOX! 
zEDDWJjXA>&}-#fx&dztUx19ET#%BPzO390%}W$xvtY$2sZ^iKr8-BOo~T?^Zi^V-Z9f3%=whnNu5WpgmPK;(l6G~ z1sLupnM|M)>XcG8Ua6yk4uq~Ge~-O`k*$Uin# z6+7PU*)wG%G8+>xxuRz_An7BoB><#^qP@My5OgqJG30M2gn@PckDSVGx*nwuzFo`I&p+B5hlxR3IlFL;^ z^08150eytYj5oaX2h$x3GKqhiMe*t~l7Jlln>C&5o4K_x7TJgl!F6lVj~h|jT8DlT zS#)L#^%b%)&GV{%G$3xS2ENFUFeQt$yXi$tyroa0P(B7_|G`~dW4pT2KZ?)T>n{?i zfgFSF2H^D$?X;q#Ukr+_N!YSI!Gn7_IRc*opZ;3}iy{K0m?QvaUsbJkVV#aCT~duP z(xdxg>Jp9#5SU7S86~TEPKEl7#w@uDB)ly;h@6rQ`>bi34f9RtH^8Z5k*XFm>Gf8T zoa}ske6-EgA$Ge1W1;JJ_Oj~}72CC-u0gGq&pzk_a7(fX_z!~vP2_wKz+2I4x!jLE z2@B?2=@mMy1d5Uedt7FQ4vW~2*$fDJ;C%MyjDPDI;%C%VRyyqiD}-n zl>G+Sp9KSM>Eq(>7DuS%a3VWz24h&s$37KFP!jiBVS!)CPwo zYA+3qP<0Yu(DwDXf&~u5o=^VcpKAZrwbO$BdSfFw4e)S$&q<}Dd{gC_LeY-sJHb;n zaUvxMa>{VmzyQVh_p`%71iQ2e+r>5d6}a#&8_pjLzB{i zWEvAO!hi=L!;)o4H}-`-SyE@5FTaQ}Jz~bS1@AR3kd|NG(!Q7}f}0Yj_|#uYK8;$j z9X}aGilM<%4knGNIk!(=Rd;r*JL_myZFzCn%a@o@&24=h`NH4MCdV;Ner%q&%ZRZ7 zQc7t|EP5zy~NQOj;_!$K6F_9;D ziEEg2;z~kix`=5h;e&UL)>Y%svXYpw8R|R9HysH%tpsGd1Zx4J+ zCEIQJ#fr>ll3eZwv#tn$K2IIR|H`v2KxMG0eRauU(MSvw9!NIvql5-}2)E^LNdy`O z`$b{y=0{L)Lm<>;KMkv$jCQHqDl}o5INutPpWtV%<1B1fMvke^Gel5?h0zI6GHhTU zXRN6-k3J3H=m)t;Zpl-zyi6B@T=!*d;I;Ntfe|LgBugAn`@8f@%% z^hgtkCM>N)Ln{b@H*U`yg{b?N9B0zKu#{C=#F~Xmz1eJZ@k@Blco`{l+k);+CXV&j zIP|D@I9VJ*fnIH{f_N>wdH)!!O{spY%1esnuxAFf9R>Ul&FoHv9M0zYGAX6JOxg@0 z_!%bB=tcU?VHv zF2Fck17tBX!Kvv)AVpd#I;Bs+4xde-S}?kMonmYJD_-Gz`vix!z4{Y7F1ie{RAoj?E2!ehu}GV*feAsBcvu=y9GO80PW)pYKd_KvnMHnBCr}(pJ{r)WLg`*-KtN0 zR)?^=dpwr02C7@{RBD@?&rULDOI$SE0~=C8!iya)yIJx3n$uQggPTP(W}Y~28|oyWzC4e}5!5Di;Tt3^zAr$u#%X-O|Po-<#tGH){C zSKKMS^WVi&NHXJ!miQ&R9OESfHBApYwzefij8)F}+w^R21-~iMpcICVl)ls zXP52nT9?m3;?4jKravushzg7INC%XfB?WG^YkJIMM7v${1C=gtUw@08U$-68v|E3R zn>K7U)HbjkLwQQT&o9?fU3nUEjh<1dWffr4-YSVlEG}ZwQD>Q*S*Mc2+qvPz#9krj z#*HV*W~5anLE`Qp)g}l zVX+bVgs?zmWRJMh)TiYQbgPt+XuvsR((Cgx#{; zZOAaSqIK*q%%FQi@_F1Q!lpX&gIf~2vK7hMQG`CRmO<4|(;1;wuY8Y+;`ywo$*ep| z-1Wp~1uIz2#(q#7Glz{-zJ@XEss{~*KGGFOseJ^2i=M)6BWQ`DOSY~)G=`*%ZnwyK 
z^~WzCpsNQ{e>5W7tV*P%nO6K*52VG7a)OqWjiX1V^mMJ`7FjxqGQxw1mmBwY?y-%0 zl`mD@st&Jau?%XPbH!LQB=>7VU z?c7l<1D%mRv$!PNog%jSaY;0ZK{iSgoZsNjF^X+HmSh#`u40J~&B0ZoERp-+WsW`s zCWw&jybrxj!(e`h_nIh~L4c)_2%~gq-F6Q2r|YZ{r(0RO>?4R5?%>wx;j7U165<0V za3L}ZTHx3~2ut$J&p}sC=8nEa3VwbzFQOS7u_PPKH*vzYn73DPu93DF=%~^#BKgIV zd!1bUlVob~3S%hgKP!+yRj!?IxkR9k#2{x5ct+k%;i|p4Lj^W57plYg6Q4>%j9=tuUMAYDSVeN+yg8$3x_so44AlrKUa?uP$fK9q7En7X~ z9!+YqnLhU99A7+_uvA7sm`&Ctjdtt@S~w`j$n%H1KElC_+>8(oPE-y_a4d(8t%3tb zAB&La+Jh}pL1XQobi0pRNIUgKXWvv@_*?z}O7NJ3SD&=BUnB9dw#|(#*xMz&cq)x5 zQ}6VsJ9wjo^9JASF}#5<{5h^lg!FA~o((Qe-(yLRdqYlr=W-GK{(=J@UUqbJ*^v4d z?0e>*AM=Yq{aSn{KSSzHp59zh^})%FXGP399nYMl;B*l-s>$9KrDB0~kgA!d?*rQT+eyrL?2-y;7+F?OZWWIc_my8& zJWhz@#8O(UC|z)kqUf_&LCZUi^%iWYf^7liGpjN4y04r>9Q_x)={S5ZaE7i>v&f_g zGxnQVtG9U08Og3!nCZ5ySmA>cv^6qnyW_lGc{_-j4VT}^t);Yq^E;ZBWGGf18yZ5H ze1s8IXP2eegr}o^tzzH4A=ju8J(K|!K>sebpO>m#*~o=u{cm0OvHrW;jEog|6gu`O z$NiVOu?!TU--EGrKR;1|EzRUKf7-1XGE%~pR(><2>#H;RM&(f>8)mB&;4^noMPknl zGfVc=PXXGr>e7qfiWHc%wzjxH{GOdKW>x{}!ra*{w+@&(bTgNYA#g<+W0R6sM zOMetoM!X?R$rLy9%MCmzQb~1u;56s`Rmy(~`er1ouh!~U6eXnwPiW6d1e%TvFA&Vj z8IPB%HOARQ#%$&z?N{kXkQbHX-wdVZn1@HnUZAdB0V;{k1XIg@Hg<_RlFvP`8aSpk zpdOrsav@M9^~MonXIS%z&#K-CwYWh!nw%;t#9%~;Pu3C4S|a5Gwe~LbHWUV-KHcCL zsaR|Q;4D;@Z{uBqt!39rRfKep-trpUhwUZ^ifENif%hY;Djbyk9(@di!w);g!|G&( zC75bDBT4=-%p~3qXm$+kGPp%;Q6@=K+CqGgwk>0}g3n=^gVH?=xblOmnSLDLI4I#D z=mC{F;!VW3_4SosI%WR0QavRSiJCfo&}PEc2NMwu@AynvejgQff0N8OCC6RI!J2Iz=1uL@X{^2f_0YKtEJ=pp{^|k&HY@w1T=kFr56uslAQ@q6izk8UOEBF0s zDX?}EVSn=cc~ZIb3tIZRvBxaYxX8mL;hEK>`3G}bV@6FU?%;eVsVEEx!r!vV+j!ZD z6k_^jyfPSu7b3e)QNzww(QjaT>ienzZFWaI){!2j3!ir&6sd3x?Nw!2OL8U#qh+z< zlK?5fuVWH{`r~uW+@_ugZv(D-Hk0_3NiclNyd*>t9{!kDWq4f}FX*kg4;rDdoCo5t z8LpE zP6Id5LtD$@mBdFL=)+VM2fgM>HJF{DFWN#fcI^*n7|IjT8Kz!4(33$Xf&!$$WejQr zSZ^U5_50npb9q0cv${&9IZUMHK!Bi3h6b{HF*Kcha^#Ep1w0cESrj|e%~`kyMC^7A zzu=~y%xoF(st5a%H1wjI;*F@xOlJUptMs?S>B1%}iCl|7FOEMn+}9c5<`{#^5{d6< zTK!NgS<@((@rm{7@k5)JjHXJ~MHnp@!CbHYR%xr>TFoF=&c321%k;W83tc~~-Huh4 
z%khI9aP9`MjI)CC$!Vr&XnM^m)Ae00`i=Kvq3e|zh(ShGu3}T6CekizPtY*6C^4)X zK~op&zJ^X=8V2bV#72}ln-Fa9h!y%tL;CDSyz?QZ+n^*qvsHttj8%reVudOA-} z_us{L$i0d$9CuL^_AzbhL2eH2w<5$ihH}ubRNeO@aCi3W=jDZuIEMsrzPS04G2c<0 z2$3>He2zxD^ppWcu<vdwP%QBm$W zM=-)izLpY)p;JN8M0stnQapH8olTYYp7w+S1C5ZIheFNC3tl~?F6THEsRIP>wiKNE zn~*SW>`K4@SbMnhV}`){6w8DhqR(S~tO9XjFQjY3xUCFqg;Kqetrnz=W* z&;MM4zlzF`CKWhdqUu#kx!rr5n^T7fZWPJ0%Rx`LtQ^r!{=BkFHU7n% zlGK2}uth%I$=OFsbwb{4G4e8TXxO3_HV`6)HcDs!3!f_fie)lBXeE%3e3_A+kwgYb zF6lC1i#-kLES!l3zYJ3@+ZfaGy;HPX2^D;Ri<(-jE;o@m;MpWQ7JSB+MJ~~r8hY?8 z`WB|+Gb_PDO)h=oV-f~GGU~$tm8rE5(>Ede&)5rZHMj{zVCgr`ueE<7-}#tnwLb0- zX*A1jgP!O)BPNf@*IXVexV*e2N@GJGMjr%cG#LgSjMJ}@_w!z5VFIs0NbS;myCDtw zzNHgkJ$ot_`}!@L;Ag^@GKors>FS757}+GTu4k_%*#tg0?RRu>THf@yAGdUMX^5Pf{;8gL#fdkXK z2!T$!6xFl8(f}u0TaDhw<7`6Ux8RMZ7nljKL#BGly`K;vSl{Bu6IH{&r5KV&k1^Kf z{|OQ(Q(Q-BmuOT-{03Um$fKlT`!0jN-1$A-4;dhxT+b(bpCrB1rS*7odi!8h3qpzj zmW?|q6EduP`jry#^ND>IwK^zIhd`_aTi?NO8Mw+2Z9itER)Hc@sAwADv!+wPhx*M9 zE$1@tObrJP{Y)a_++e`Ru0W#SNO-B>+=NKk(k-=X#uu6yQJ5BS2OKfU9DHAmRgv(OY(80;}OokgBv7jpL-hf-PVO(HQ zz(@$=Lzq@*+C%#;uRG45a!@bnI!t;|wK8$xT~Z`Fb~yY{6L4J}cGBK4ZKCA-dHD%0 z8Qxx+ve3}*`zMFtlCvZY49YkfRJzKHQ?RC8onWnG6I*^HVun+gV&yyQ zxHa;$w>NYZvq69>WFSQ1u4_(|OSYj3olB+}EO(6?JCm%rs!WY4PLTn1h|voiqx_89 zIX=EmUG9)D0t|S;9+3jR`SZzT+rHHxTm+7Mn`Te``07+?eBvYYu254B?b>es#1f zj2MYf$jc5sD-oD^B&swh;~n6eSIvOh)OMzhU zL|o1v>8Mcz;YWzK;uzRuq^VqO_C_ARZRCdcmJ`UtueOAPI8{dSTbqid%|ZcGmO*00 zgLzz*rNG`WSWZG4*Lblp9_k3a;IZ&vv+>6?-$??$PE28qQ)1YIx!#9!fr*Q05z+r) z?k&6GT9>uqKp?og6Wk@i-Q8*2f(3VX2=4Cg4ncxjaCf)H-Q9URXRo!+e$M&>@8ClZ zMs@crn>Fh$x!P}cH}k6dUXAT-&!#MSWt=f~rU;8vHHUwTgM(Yco0U|akD)SI@F)J1 z?7SYoeO8Ez<>rCW#qAy<0Vg7+b6fc$;H}wuN1B!lsFafXdWDJY&3wU`2eXA`*6MZhR4uYoWM3NtO*5hcO`@kw9nux|Rtrw044_NAGZ#5$h!Rcr?7+oJ;R)A~_2oA2RmYUi;BO=sRRT-PO@u6e#K& zeO>-;C0eJ=;+6Aq1gE@FlvtAgE@$hs8|An<0<&dWw`N+$+QDY{BC|83a;_OTFCin; z{R`-8!s%)azsbo`0E}VRF*<8CP0)6_ANZ2TK^R5_kuD&g`_PDgP01uF{PwVa(w14V2<8M>8>(7^6-bnN!4FXE5yT`}=OX3>e z^>`f%nR?fJ1H3Ji6e(YozQQGR=7CFRZ#UBiyXlkCo{$=71Fn#H@YF 
zpxvzDgo!QDVDHTC2s9m5N35VQ$<$kaX^f|*(KqJ!VCiRJWTQ29#@@-ci96@H zu|5BsYcS%i*-s!P(B624nRwF#K1YDN@nrdn-Erw{mdD)7)r)feyoZ#Qgo6!-;0_Z zW{5h*R;hXu`Osm5^i65KSN%sgpB#Dqw_ii{XUycoyf?gGc=%QL+PsTAudBm%0+C!K zaqn{Sx&`(*NunWJe#B?%#9)|!=ch#DxvofAd*a27K0T&kZ zaE}fy@haU0m8_ITjW@q$RJ>fWql*$++TkI_S4h&jovZw?9d#;*(yq84-_#PR_ELW| zf0>#5F5ZR8)U)utZGeu3*tST>^qQ)m%Wrb>VJ3c+nu|X>?{k)28 zV!0$9^`q*0Q@C_f=bb8600_VNqtm^+8n%;B^pD`4klxOwNm2jU?W=D4IiQ@9mud%r z1rDR|MH{Rbybh+z(p}zLwXDrCVIo@!yq#i3E` zjgZ>dB)t1eFMhhSF*t02JCa80<0MZ#00!FgX!lJ|A*qCdlNMhTkPnPdyGHK_mLQqI zw#x;e?j%HDH+_}M%A}2F;x{c~{4&zVHPAa?@bR?k8QxFaK&2;EAxU@*hf_TcJdlBW z?HCOJ%kv^y#o-kpLl{ecopc@(-2fP|ZhBNQ5yZ?=%F8UXdUU3VI)PFX`pJ*$K&GeD zq(PX{sj_Ea=1t&d$4L1_piL3y(tf0-&wl*mbN3@3+1}Vn)T)P(wq4N+kUct1ZQmv? z7)TpmJbxbB4j}eA*SeAs=YKrk4&P~8>ic2^sH)X(=nd>8y&V5h_%dH^GT2- zYJ{PU;Uq8|Ui4axN^22CcY!&nf5DoPpAv3zRScR5FWhylBJeweG_2hT-j5dN{jytg zFSRL^T;{L902}S8hn@#4*7wfL_tO}%@1E7B4gfzp2cEpQUXC*o;ydTdSO=0 zeeK^F#tUa3dDll=zAjYX2q^LiMmmmu3E#AT@yGGs>CO)x?%iC^yYlwbZay*nYlcP# zx=VE3%NR-SH}wsxklz&qig(p(Z*@fDD7`TuDrGslpgA-V5bcKQLp=5b8VxTWZVCT7 zD}NY+^-BAoNkBJ@OhT%eB5cqAS_c*S6mKcm?bTWE-uW(yzoI)v4v9(VjaB!j-P)%h zilt_#Gb3&bbT}yv^n>7C3TahMaP51ZwFSL-+mqLOGYzv3z%g6-74Y3jjhiOUBc{n5XYqwa*=;hZ73ZW`J99_DbjjiC*HGTCJx(mW>D5`@YN%L7mWDh za|{@{AymW-BaZm>I7+B7v819#JN9V@Kq6PAr!sane@}vKYm?lReRhLNv3oR0%I^JA zo;com^Xl#u_t4TYKhNkjb(1hkeBv_AxI~Gk_1uw6k$|@1D?JXiv9MBs^epsXg5}wj zV%62mTu%`kjr9`III#eykE62=c)^|AGgc=y{0jA1plt$DB512wGI)Af@%_7=;gU|L z(kDUw658ch2?Y(3j@aRG6W`bAL|OXKO5W}XmIs}!&TW31-ta*Sm%Ac1*fH_*yy>%7 z6)0(SNV)>;!gx%nq~Hm?&!7A_h*)6eZSO9}vt0I0vufPcVaqM>jCoz{HEix=_tK%r zi=q8B@m~by5?@ZY1M88Bbvkj>YvFSjTU{EnE57 zriJ*LH6gL#x3wVyx2}=<*kY0F-`eqpd#yE5lqX(o=s81`$=Cv27L6Egzv$T zsu|Zq?atya=d1jK`9iboJ7vSg*CI#E3D_<675m*zyMtxT6$Z>~;n44g@g=xCEx&Jj zQgVgS6Y88q;}g@Oa*LJcOsENe-=}voGc1$|bh0d#Pt7A9+?~+h{uUjpNhb8QtZS?u zkhj;9Nr~`dFApy|PTw~1NDgON%FrYh`QWK;BeW{^NsR2R9b+MKk^4Nh z>f!{Ee_lRYH0!3zL6(hIR@3CmsnGrrEFZ59-?qtr7`MGZ<{%3L92{sJIGNsduOVUW z$?u=F=D)A|Wj(t+O$a}>c<{uLc;2_CqjFe-Y86HaQPa9Zz_`n{; 
zK}GFIv7I&ti=6cT0S<97>6>%Rs-I8ODls^5<<`wzkU2=m3M_XSo&~l?i+(uzx${*U zyp#uwWvl;&=L`2$j!NwHE)Da5!G0A5ry0+ltEXL9M2|MoKy;gA#Kg^JRNI6{?#@(QPr%M7PJvtZKlc_!zcHwFrR}=BE>eB%%UQbRhl#{=9ZHT2%{^&5lz_5=E zqHW4{P%zyYFcNQ5o!q*Iutx%caz*kbS_*>L~ia6E~wfY<* zT$ORIRD$4NuJjic74jN%3JJ#AsYxL}1oT5<&QXh)2B<))YEv3VQxP>E(o994l8zGG zM}W#qNeLIu7xB9+RP?Mc!*HP$iw5)UxhjZx% zTI+xHrT_N@IT0Gd`88y?Rx9@}aE|}x<^bbQCl+IoUitsMH0ZyO?;ujx-h5px-v2@9 z3lgX%{uTzP?y^qB{TGRa6hvZa%t~DQPkrvc(Er>aLA^M4NavBijP+lnJRA@yulcs( z%T~*Vjz;KH7{-J zzu*UNU_rLIg*{0s{TE5(D~KfOaICTPFFod{Av1}VseNmd`4@>e?a#bin%2bdzflX@ ze}HCr+QD0m|APDaOW;2*QxPE2)T+Cx^S|u!{~we2rBq>dG&gG;9Um9!b$aW_8eDc0 z|Fi+}g@%U41_T5!xzPXBPx^05gZVMgDtX+WCHD7=9RfQ$6>ylA`61w2Uwg)s{^~OP z0}1H`^XJWU^>t#+hI(ZZEQx&=;YIVcwg1=cPEii#@u};I>Y*lu{@cC(XWn2VK3Jd; zy;Po%N7e9O+GK)Q{^PJ7GIYKF@>h62M3C{ygk4XH{^bqW;HM}YRAC9}(tY{QaAV7T zFbKeGi)3;6tJQ3Kb=-el=fQ}0vQp)_1so<>97!Btuc@i&_~=-rIpC_T#EZ&|_?{7m z&Omt1Jnjqj@rG?;DBg$1Whcq>PB+<^b-c58dZ?up}DDP%)^7LO3Ny*OMwzP7FO}4xrK$+eZ$uGMoCG@ z>Dk$xJlONE89q9nlOlaaSN?4;cs~V*?(}FOL#NF&RU#S*_BF@&45xVw`)NtaAsEVx z9G|wgxoU56I7~W)U6bSa$}g@L-`uXp*j1WgOsJopf$t1@&&vydTo{!G?Cda{$CpzZ zpLjw4Pt^QZZD%dVMsF{VmBUz-D!_++_MO6HUD)(wew!@iCHK=`3p+toqic2f|FQ%KvcX^F11slZQ^mAz@?>4@*4`t96hl7t1B??CcO@3H0Zp{`x+K%lY=Ot+Lc| zzwVKE4#(J*a~REi#^H8c*{DgcV6jk@cyx3$KTnF3l!$(GH{bzSRTmSF7_oh0<{Q!p z4r*p`X8Bjt>A~`=dTep3c^kK9v6!c8z8a=g(a6mcq@4f>O_TjNYO<3XOc_@$!mRplwf2M<;Vn+Bj0gMW6*e%X!(%elOJ|%t5&T zjwF$KZ;Yja5;TGQCeFvo%Idz;3@n^XT={#z>3?Ict?TE>{4n&~+-^bR0NB8~r^(%D z%&c&R776d0e4;}l48rLFA|E<{ZwZ;A;O6C$Np>PgaSB)0*II6-MlTAfxq*i@1BA-7 zSdU6I_GYE%Q{=X@C5mMy92TfE@$4AHMLrvTP&b2a>W&CJ=WW+U;~AW3W8CL$q}3fy zWvjM52)OSJE7tL7@;r)sPY0x9?7X}>RZUy4sT_8BJP#ZGxQ!(x5*Wf)IX`w2q>Qom zikk!H>8YYh>PUkw?FHT&ezsFxueU3RLDl0Rm1?qqum-W2F31;{_V5x2&4x&+c(GaX zGrJ2-+@7AVYy{o6FxhyAXH}Kd;JE*9xC!P5x0-fCnoA6WqgSZkx`+;wHa9OjS*#Jx z@;KvEv3Jc5gTf%BVQF7grc+-p}&biIZlCt*@_lmVya+nl$6cjulN46FsJ17bXYtRgn*}s(WD?TM9cQw*OE5)c#DxJ zR#ckZ6g@~-FP59gQ+V|=jDY0)WeF#j#W*i}A|pLC+V 
zM!iS-iBj)Lz}xNILFg?ishU2%JjUm6UI(}L>hFcUe?ojV8HD>RiKt)N@WfVMxQd`X zI9p;$akjVSy4Ssq(@_3gh$?N%Q>Ob-Y1u410T;loI52ESEsmw@9@Ov@>7&lr4Q@+q z)HKNIRk3-Ve*LMYqKw4K< zS1jXW>_EEhf#_tSmkp>RslhA$r-S^Xz5P|_M9Il$6TAE`tTkk6aq(>`V7Z^nE4E%_ zBoP9djSfpCzgU}E$0SlSIQz;Fq%wxW=yKvY1uJ0DHv2^;H#l$=q@eRwq3rN zXHsh{-42F*e@RGBq*%~%uH~1|IcIphIhkil_P$Gq?dIpl*fAz~rG6u(68*SyUKo+&lOyI4_@gm_x!ri#Qg?{XpS(rs$xbWNx~Cy@H+Y)Ya~Y6R7G7>{WRn zp{79JD1C|1^?7w#OAgbQAEquo@Kyp;l(fZ`K-djA(I`&vTu0DpHz`yq zt!@vmQC8dTJczeoQR_54#CE4RHLdnsA`)R{IW*BYF?!jSu11txg_$>Rrv@siC=>A+ z!ttJd2e>+q7o{_Y-TQ}80xBYch2ZnN-T!T*7HG9Qz= zTWAC!5azwi3z4CdHFzIj+tfm+cI|Q5hvkGgH>ajYkAs8Lf|||G=ce#bOis(ruI7Ce zpFNn|aYL^2;K%R-Fr31eEWE#kG*c{}jPvz-36tn<7@VxF6aTos0T%=mEudtGcqjRvqQ=1BU<-)EIixW$GZ_Y?q zn0&vmaML>Sn=;qJ6B^;p>0bTTT^<8^wgue8h27QOO{vNg|C$--LOy_ja0kS01>dya zuPg5s(SoCHD@*2*^z9Cm5>HiD=kNA#4$BlCgzLTJY1TBQ5von6e=!a_qjj2*Wv6BU zJ&OugfB`UQfY7IY_KsXL?C4>PL;=(haT3O)saQCdOYF05 zb-qsG-D&(NafVRB7LNW+b@_5-4~RwJ(uA4p-l|y3iam0me#Y0qi{4%l9l>~i{MZl& zL{4$LgUMVj->nC+Fe2*J!tHM`l`EcXkJg(G#6v^8?uKKpZ$)G6E>%HHgA-mD42_ zrG7OTX77BI%?&45d!mA9j-54!f2lZ$$pcz=oJ0i{G`WW2Yt%C(M%N{?eU-uXXp zuzuKvA>Mo9!U{$%tXkfK?!)w#eg5~U#OL9W5vT3-=d)J%ePzW<1MRBGeL91BZ$$;8 zbwC2g!g1&ObEom*Pkr~XFZQJ_G>(9IKFMK#>GR?(R8L0oE?k z@m#Juq|aTOECxn&TA$%v^mF$aBHtfC@lgwFD3?6rab|h^9u`Rb_M($!+tw5Kxcxi< z+LCxC1C=J6#P3=4i7VfEP#OC-%_}|C?9XV1`ViDyBERwfqsj!*NhBg}_T9psvPsA& z4+_p*5+$Q?NfJfZ14Jiwg77hx&EXyo?{ds-<_P1f;!UWmUXQbAa6-4Mta5+p^8o&J zL;NBbgl*OyQj~MMf(%%-dSxf8_5`cym@UC2LFrO)kM@d}Owx_4c=E02Q0piQJ2;8H<#;@kTWw#^ zKE{8AUZJMtW?EV$chdoc5CPP2advzR=y%wx*L3Khq+ig^O;El56B}D9!S{``9L6~X zC3UzyJx%C<$~kM1BM)!xVp~fZS!doR;%9vWk)x#&&CZ6n9pT)yQqKJgXa7_QyfFL* z`PiQ|47^z+-;m7I)Iq9vRGzXMmNO-Md&yLqn`4o~vF8yQ5%cT4bbJhgbGS!r+}54V zzAjL$SfLSrTgb27i&h)F==NI#EW+`x9$DOmMtsP|n6A=k-ErxB&ZJRXl|Su|%X?AGvX^xkqL}D}NsXXd)ra&c9Oiy^<)v3DhUF8L4ilaj1 zzui{*z*O#6U{$K>J#=H;ybUMPIvoe+M{!B5yX_M=A+^0+jX3?z(tFv$I=YjQX+GE0 z&`4eNem=EdwHqj{9jsLhZ9AzQ0i+u10!$YX9o34AqhJ}1N1P3KDM6XOXOl`_lijxC 
zI#r^4hr9+KO}Arwfr0DW<9<0t)}}T>;v=d_i;O*Em%{|F+Dg=l`XsFQIrv$%INYX= z%NqG=YcwHvZ(8^VoPUnp!EoTbTg&@U{y#)ZVzxVp4n2LQn^`ua-aKD+VXzhgosuY~ zy|B(E1_BA9#MLHH`rK+CqQc4fDRs&ZyO9RCv@*L%H_%Io-X8|8X0qP^mC}@1t_BuH z>&19<7-*=~%>($5R{QQFwltsWCG6slX{+0mAl-r-^f+5!y&p&Pl1QU@lrUh%d&rvG z+~mNrdquxXSYP-bn&RXK4mP7q!-|myE;#n&OEW$;pSqVPV)`zVjZo$mHb>Hs`EvJfGA}B%OQTx0aRstk8Dd zALl-weHcv-+t)D3EDXcJh*{9}kX?&A43i0r7$$H-$HY8ZcU=vR4kJ1Y#L|t4m*bLj zQ}Q!twXIs5uhhc8qVWJknUd!zxsT8{4uT#hf23Ej$%4gJnNzk!snZs^`2m)a1r|?vvC!& zDT3tg7T|62JQgYjA_I#s92y3xrk<%;8m~vg)t>_l0PGuY5}igKUWD@IH^K;MazD83 zhtS97$8S7O*Ty_F%#O?jd3WvSUhcGY||setYSTuC_eN+o&z*ZTG1A0n$}g8AJN#!16i^iBZvW_RjKpU2%~l~ght z8d*y`nru2WyUh-d?B~_}*;?`b9cjXP^_rIoyqU=_qN1Tz^5I0G&v$m0DD#;N(SR3; z+y~Q~*MBlG#UO!bt%AIYH&ty=^@QUCM23J2*h{s~Yq_SasbU_uP+p#}Ads2|KL0{j zO>JOCHE;Ka$VjZinpUfGWzZBsl(qNc<6~LHB*F@wrW*FpdBQ6PhYsxMUM6wvnixzv6XR`O8eD)< ziK#6j)?omeoC0~+{%E$yZcm|u10{hCdv&;VBpHoml(u{SE+#VIrpe&*WiB~2?^+%D zj8pW^uxwvs7}@q$`eW(cXzLX18~<`dB``w`({|FRRnxUy*>K!Yhb@UJBn3NT+y?qJ z=+dUCJPF8jDOwDE1CgtHD1@JX!8U>k6T_k$B$4d$ohhoz(_RS*d^=zFQUWeo3QY-i zv1zJveNMA>TXkKrBJXlj1Rzr7D2LjHApt)FOuu~n`U}|P0-H#Hx;9_p2^z9SKhPB? 
z)M~I)44;h#6$Mm{dpCPuBpogC!9@f!r64P1(6>rs6qa)GHWKKQ{Lh>n_C}|kwPk`; zNz^FD!APcH#k?JX`Jn7${iT=7o&iM%Xd0U@^t;m}+e>vHf_aphRpvZ_W=}qkn;1g^ zb>@*eqkFUaWtb+BG|4}Sf<{m~H6e)@bzdR&z+55^d?$elp$n;6!$mVKEIb^8bW1Q< zdOUbbo3Rl$Te(D=6CWuEje9;&ifkptIzA)0?@a)11r(6B@>c#y6GPk~T6UKQkSO^R za)~BO#5a*ueHTT!y{m}mblNpK?gy}TeL9_@&=H2G-8nzsAPbpm+>(Hg*NO;ch>-hN zxuSO+o{6$Ew)jjDL<}Qh1p2&PXSXbZJ;&Dd+O~p?=i8}L(FoKl*?A*jP||Qa^5&Q0 z=sX7@65!t8D@tzN!LYBp=3Af1jv(#t#c-SlOM#CF=k-NcTUqNOClb@hX881qQfd*&G8OIfF9&Nx;nU=_aRP2B!h($8VoJu(-<)ffvdI|^R!9t zL3q}a9)Oz?+ZcR8M0xgwa9E0=YEu+L8u18W<4BK-8f{0&7vTG=Uh~`2@jJiA0$7TQ zQ$u!4`#nWCGPH+3F^w`xFW3){IrDNWE34-Pb1e(dpV~2@6QI(G6g=!Ba!la~Z+B2k z0GZMG?{~ia5lMz@N$8kMuOZHh-F1&Uw{e1f&U26T{CO#quUt=Gc?%s{fCm#6R^NV< z`OOr`_GEB600<-vmb}Zf%waOE8>`Z*XhX4vC?fqQyP#%JEgCc$!%x}9iN7H;L1RO} zgJ(j5Ed=-es%OT>w-wO$Hi-r^i44uonzN$5i^7cdAGjK(am~YgRc`4SSP@oHL=qyX z>?q=^jQ;SPwi6Tw6$e=cyd)4jwrT6+yeRq&CdGLmZ-xx@hOe!xVwHhRD^-Tw|GM8a z9vlSMq#G6x;KoF+GQsiF1bacojvjGlvIY@<@j6ZQ!Zb1pv}ECDQSo*e?IVEKnPW~o z7Ne{rY=$v6QQ|Jf%3kz&DNiK0pYWib)1@KyxbWrmbq6`tAjn{YbYE! 
zPjAFqZ(>2jk!M2NlszH+v7#{(J-sYWKn@`EI9|e3Vkd-F~^pL%1 z!LGlQo`LO$c}}|9YsI3%4zfW8G8ifuVhf(bo&McIWFe<==hvZYN4s>mMkMYv)$!*%SxkAQN6Rc z@BN3�yjYQ=4|x*yFbYmdHShQc(welepxl6@WMVf_{rGk2!y4mN`#8{j%;Bw`Eb8)?6v5oBBd*u18IC;n^UoQbV@IAZRpWK!hZUEn*EPE74*tG> ziN*01T#RIQwB6*$8su4yoDd}qO;6#~Joq1J1#=3a7ga4ASsFr3kbe>@ zs4E3Q0?&js+!Fg1GH^kzY!&%o?yW^ao{+Jy^gh-j4c7zQa@&=z$;vDOR zW8*2&%nve(uzy`bnHa=d@qyS3^gojQ?-%i+FqL_ohBi=-{B!&K4`Y7}dw>p&O)^K_ zQsafE|J4-%9X-+Dx~hkYz8Zir`F5&>r=0e$YrUc{iIlxEyF8)F4=+=-)C&(VKdigN zrt0KW{pxIC^7)JZzug9OuVRDMiIt(bSZlFY)>nYzEIo#V!}XF&)+6FWQ^qaPZBDpjbzUv3Zq}JC#$m$mn~F^q7=-`W_CG9_ zT+$4b&E|a>zeG7e6&YSeAo~!sq=mwHeI0-0=pYMNegn0YDn%czb&^RLDBu%S=4_b_ z4!%NxwuS$fp)O)#=n}g!9BIz6_Q~ClgwGF^4mR_%^CVQ0NOc290nv?==Er1SmGP}Z zegD|8(*FbH`#}YoSA$(ys;U*PKHhgtnrZAH*<#ku`w_mM-ZH*^!Kr5j*Xdq_(1Y^S zNm8BvCN4(3I)+=S+FWgF***6QudLi6q9#;TaMsA+ui#o4=u7z0+T2`fqf#mJVLnXC zJrZ8YqE7-fTFj>mrQWzpgcOP_tLlsHmdpCw9LDNaL2a27`Omm%F?%N6eculQ<$zOZ z#Cx%rXbn;)M1={9m7$s zU@wcRtEK`?f;%Jhs`g8c*!*1{ZpRsAAd>_{`bFPV`W)Xa8qXl($nK1;#_rk=4G zDBf)n6k4s!fZ)I`ozYu+uloLGFPiUC%+MSZ;6W0c-#a-(E2(0)qU$`}_a>-mtZB^t zeu|)id51RzB?AjjJrE5B#$TzZX@AFX5JjA0fZJpfKRmj20~gS|*9or>&}cizl*jV=Q^sE&i7}{ zy-QZt)@%<OuTzi`{2E_F)Wh3wpCV7hVYO9iQ@s`^E2 zyQz1)A>SFRZN4b_PjYi2&gG>FZJBqxS2~EtFyhU1%>Sr5AN)sOe?x!=ux|m2p@qo-w!YKL{n>&*zPNFIh>xNAbbCpU zJxQ$C0#^C?V(%zt#1Pkl=MaWt$NNjGxmfx}jhHPbTkAetXDFsHJ<8%=%*_IlA>PzSQK`-}AXViA}z& zt?3YSWEK7R6Tb{e6v)L~B5tSe&hg@?q;jQ3hA*dn>>gm9hS5?W1+~IIHAe+UG-dJp z^10>G34J+3bC6d&&aa8;qjlLTr*~_z>xY2&^pH1f>2E*oC1-9!rnC=l*lPTZOzHHK z(>`qo5oMVaN8PsgZxvic1#Leovw^-i<;XM*RkX3A==$-F$UiFon7cirm;H70P4oG3 z(3OkG0yk)h+k)rV&EXQeXr!@d%KL7!g)efhFKu13=&m@MwcQJctF5NKg~viSvahk| z7yp8p6M<%2N1<88WeQ{U>4@2Qv>C1gmtK$=yld5KI%rUpxnpjrcEfBUFK>$-7I zpSMxor-h{jpJ3u`Ij!-wt;W8dX#3E?tG?)0)>mzA9VlIk_q~_2;S~n@x()6C(pzt8 z6lerwv`+>I@H@EnGt$E4eEY8>U zV%Lb!j&xZl$p2X(_5F)Z4q#tvlK9v}lQie`hP5tN&tZX{s%$NPap6&hb`l$ren`03 zP&+d9Ze{_#t~&dbb(vxYkxoJ$Gwbx zMFq>u$CNaP0L6;bg(S@&gKnh*wAj_!*i4wcUDwcEJ>1Hil)sMwR_^?U)|io*M24B4 
zewUi-$8R|bdke;5XK+OA^kP3ex|asFj&phDxEtJmKuYjf#$3p%AnN8;Sx6cFla8E* z_>yQD-LIO6uYZ=~&Yq1*`K7Da;H2olr{y=*{*lQ*0V!cPXC1j@Ubu;z6XjfqS%|sG z2LF3v!sgl|aARI0K4G?u{7@F(-?t8wF(uU9e+!<~bDTEb=DE|r4|RZbkGyQb7)O9N93UR5hn@b`82{EbwJBsR`R)vVOvSNEg2G<8m6GSs}) zG9)mKM}~kM6T_gYl~ppKJqhx8flJZUr&4kDZT|Upn%qDg;pt4tb6M(@qo)Po-TpjB z3&Y*x@<2_HR!>SJE0UL$m71L-XFt63?>ADQ!S3=YHv4zv;o-nVuEUfrLU{)(WK&p> zcccmRKd^^>=(`2%OGkuv@B1_%e*W#9DH1UOhT^kTp%+3C%LGO#kDD{9^XE)bPXwOu z)I1dQv#-!tz158JERz?TGEhDCA)}lI=lVMznGp-02*5Zft<%RL{;IuuxSfvuKdI5iDsoODpG(DqHTU>A0hNac&=uYVOHfgfXh!c`ued2*Bveji}Lb9w29ibMMXCXkiC#_Drr)69qU&iAU zYf{$Romu6=ydzJe3zvL(=iG$*ILF-r7s2bHqlcy1t&dKC<1}4MdP??v46~q&2$OY7 z0hX%ul7A_h7_4&x{CMKdJeH{(JUAk#kgkL{|9M=6U|h%vla+%(u1fU&XV2B=#3k7} z-L^w5MK4>$OUufMFgQepm+vh9a`C=_L}wY}*A)8_M7&x&=le47Ah=M$uD>5h++;RcnsWkF=SoD25~S?L z60Q*oB{Pije-E}F%z1URop=?R9DOIsY>Hm4JpydSc%9WeUqD#$G9eR^WsiG&tS1Lh z*!)TT6OoB8FE4Bd&f1|+2#x|{1c(wwmP_hlofR;~q(hVvCDP`tcmv2SkVqCMKJub= z+ud$JJUqFEfyG+iD$!)&E%^G9DA`NmTjAZ$)5ISn*1D*Dw`P9vYQH=z4oAVr4p9_# zr)BL73xmDQOD51yBlV`w7All}rs^a-!F*opdLa?^<)DNiRc|)oYl*MF4u3p z>1^5$l<3*u}HG662#uT4)8C#g&GcQ zdi8AOYfHx3TGBK7x_QGWaPlsCsm66y;~vh3Bi3A2DVd(7UpPqkqe-x@n!&Aj*zmB})cD}08n4|~hwogAqy9h0t7;MB}WD}Htutl8f6vX zQY;crR{c4fRoS{kbw4PUCdnfA2z_K`5W30kqe0>~y(1zrv8X)d)}Zy@kZPjNN4sME zN%<93QY)ku1Rdn1L;qG>ul17nsOBBG`%#!0mOU1*q&cvhbfev*r6p_@ZdJFTeC6N^ zcjpj!@S8R?bGDTiKm4;_i{m#4&vs*8|B`J>zL?;XJgHxPwE`Yt+rNr~X&KJ37>@C^ z?RYxzfoCKB#ab&ksQOsR((U%N@+8A6b8q9Eh2DGJAm89nhS>3<5-F>%$LF*Db#Zf} zaBjfoLT~3uc`+w#D0EJz9*uT&_ONz}HTW!YhlGABz-3t0N-mMbhxpukm&s9jcLy6Y zG{5paqMzO3ek0KZb1SHvBCIUC^Rses@N};&ILH<3f5_SQ(p;_d5$tm3hv=dRJ)$lq z49dMqIrNXs%qV|nSyRx}WmqlIhd8Ik4A<6KlS^$j0%5hHP^v9Gu8H5AjTqY?B#y_i zR`c@kY<#APCoe2?GHwcEEwc|k_Qv~C(N+j%r7ayd|8j-<@=c1dFsNs1j{z90HzwP2 zp&$={zMLIjn}dXcqp`aWF8fzxxv<0pDjxKz3 zk&Ei-h%lgAObGqP$eyp{TD6gO^U043;=#JAtV}EiYk?tism>U0)g>OmaAC+}@uQ25 zLsna`g<}6}F}A68IqA0^ZHo1yepsx?BYF?Hr;Wt>&fdxe-5*^ambm&-#BH2bWrI$` zL6P<}+@+Xij3O4riQ0IpN}08Csz2tW32sWG)tQ&gYB|iJDiw^MU+)olmdfCl` 
z%2~_f9KnxF-m8#hGP3G8$^3{^=$r9rSIg^%OsCZ|7cDhB^_@{R*}BgzH;Noe?b4x0 zVj0=3BuqE+RM0j;9iv=Ghd5;t=xCGj!PlDHWn0vAeg2!;9Ba@SG%ZmhaQ%uLpt&}T zxHk?8k@Ep8%5TdD5N#Yj!DU!8(4A#26_ij`Wx(CGQYT#+?dj5o(Sp<_n#mVtXh$%J zhYD5L*f3~Yw9vZrv;y;?*02eh#$)x1TjyU_PV))BrEVkM_NDTUfFG0g+u$7gG+1j& zn&3Yww{ELGvUR-uCRz2GVKE-1rCTfUzurKbBL+$64n_W`qFa&*So!Nk)!tMtgP1jwa5) zyQOV^xX}-yb{Y+ZQNQxtRu|3s=1-#o19->tRsb3=MxJ;1wx?w+Y<6qQ*YIpIP{+$V zlIZmS>gc0%?H8+~K8aIqeE!FwOo_ADg5krxX=0*H@zlc(tyZvhrMS!cPTqn~z?T$w z+(jb8e!2b=4K?a5QG1clg{=B^Y(7h>tt|tURW!;gKxPwkYe5rshqw0uAzprg@o08g zKrrIDsMG{um;eEvC&cl*jnKI+?^L5r*>HYI2{dG&Xf0bgCOi?F<}dyQ325DGn>zU3>iv z(f&$Wk-9fWYPLy!9w1#=j{>hn-)buE)w#rQl@*Vb5?<2$4E11exJ(cd3O}H*WHT&G z5w@7gk}YQfJ$JwPl`kq36kVg17!h@7J2pzjlO}n=`CCuFl$J{fh_q~mF!CX`G%I^K zTYq*gCJ>75r4k7UF69+U0Emb9$5Gm%uSCpPt=F5u{rCZHH$;wRx3G3^FfvadWFACy zh&rSi`6Yg&ZHJNw(%ZK49DAJ!w`f_{K!}I$!Ir_gZ4>tfxf=r$GfZC?ij@13z%;BuR>7lC~}3N(U)rKaPC<9xOnnObMvyYc%Y3K3SZ#9X49OkV_!T1kV= zdK)Ct%h|-k(TM!T(96Wdq_9tq4u1y$k@pR=STt^^$5}HR6e3}NwfF0XJQC8MJLz-k zziz&gQQpUB^uU&y3F~wMlkRTy+3h~mKid)xi}mVTzDw{lAAIv7N5_dRzlIX|%v%ic z9E}0qV+j!$OXW5~UD_WotFY>B2fIc3Dwz#C!u*{GRB7LV{W+Gmv$) zME|2IE=qFMl?N0rC5%!bX5+yu&`Z&g}Fj|?M73lK1 zUyRRtq*4#eC69s{e%f%t?33f&f8Rydzplz(Y~n}aW0-?Rx=jvcAPRtRE!VU4Ehe!* zC>=``%PDA+f;L5P<@u}$*(h@qctXm3xp(Fj5*j7+u4@+(i2@gPMZf#0BZ{MF(u!H! 
z-&d>)nL09nGYbQpfuZ1YLvDi;aju^4o%a!%DgVX>d}4w%Q8GsD)0})Cdz`My`d0Nw zF@K?A?4}@xC)vjt?{~~I4n`C&CA6tV7bJ~Vbh0=aB#n3xA<_F+B)VgPZPdWPz@~ky zd;Ol4U5TTqk4SHC><`}`rQmTVk*b8|sV+6!pR`0nI9Q5tH=c!}s+v4$p6(9m55oa4 z^ZWpW&l)&9t{>JPffh|$WygSv+l8_262%_o+v)Jw806qbIKF{4NH}Jjv(}K%P*o%I zCyY8~z+h5iV`Chbq7)_pMrp|0Luj)8(@m)m7th5*{KVE~=L;AoXLHlx9(Rq~w$#lz z5bLXnuHUiE16Y3qPM~j>fX4GLFgX5KXi(f`6zwXxGwGYsJdfgWL6e-08bv+fP7Cgk z)W^oykN%iS5{gERsZ_5-z@OBqqZhmV8QRN_^$hwDR&}bYh3AhRnNK&u&wD!BO%s$9p7$mk}TtR>VApB+PIk7R;P(~y?{lJKlDe& zK&dEDeql&29@1}}1<3rV8m)dZ3H-p1Ta~v3&{Xxi-}CYp^g?C!v}H6_3{^@Y2U?1F zD^fFb?(mQc<^W75I`SW`(#M*mLP5{PIFaY!UY=0`zuo-Q#a?9Bs9gHo{NOpH z$y(=gSP*N_=4b9^z1VR~oaEDpwxDb0SNqblV4>@cvYy!pjy6H$JDb3v!YBUqxq;)Z1@nlFFP-_>P9obM@lW z6_--qitQ!!=QYiMaHC_B+P%Xxi|-_=fWrgqq}0^HPXK^o3d3=3k!(AJw}JMLW+ODe*TdcakEyc^Yb)xub#Zqn4#gq3 zQ`}ucaJN$2i(7GbFH+pKxE6PJcXxMgdgMFzf1W(qJA17?*BoQKb0LW}JT}%apL9%E zecplUjzGYJ5_5ZJb8n9>KA%!Pi=U+RM-iQI{qD)0n~Lnh8O|Q@-(=sJQaSlKE-b&R=e&ggm9hdwdF={du=J9D@CdCcg3LB#V zT%yIjDjU~%tvEmf>iKl~g7QK=^f+xZ@Ji;{7|}5~-+cL4Sr_$CekL<0477@RRHnuL zd=LBU=Ay>?JR&g7M+Uw0WQO;4tWG%sOLx^_+hpegyFV=8u(he#8{)BZ(*E=~6z|Ls zi2@Y2>>DQnL-8&WUqW%4xVQ2^+qj^0TkTCut zjHcn|w2%O zi&LVbL-6wcu0P#wVLM%mJyCWovW#hf*~h1moSO^yO((Cny@B8beKH2Bve^lj)>u-s z$3+fo08^VT&fkStthZ{6<=4=q4~#1Hf`JJVO>OHX*c87_bWsAkYT&|f)NthF%<@cY z(0LrXd92YnyQ(MAR~aq6)>;RQC$iev25(e)qwlu%lX2xpKqX%w@=e2CD$Chrr!>6@ zPm1pEDPrI;*x1cgxon##aZ19-q%kqo=%%U9@i~R(6_P^Z!i4OG`yzI%p;KJ){X?L` z8m;9DfloR#FS1l4xp!FPMu_pwDxyF{iM7D!bfNR>A`m4I)ER+t)90B&W3m-&BFkxC zJt4#2Vo$2C?*U(*izbz+c{3c34 zmElU7WX_2)B(r7)q(y*u?I6ZLovFQM$mSZ5<9RGG0I z5@Z$BA46<&tco@hz#_kA?xtW z*Je(N)ARrH>%tCDzD&zL`f`6Zz&_C#i8CTNfUXtM3nnRl^LUW`3pV!tl1?b3%fo=l zeb)d2jmdxw(=yrwM4gmeg#*v-LmeQvUds(;Ul$?u3f(|yts;<)jw-VV;^+9?Bp>-S zrHeH_n2vXm!C~nE3SUo1*A15tAm1+a--ehLyczUzY6YSYU;byMxJR5FbD^g=;2aVX zQXGVE3Ax%;m<%l)piAiEj))2SdY>_vBb4uEb7G1(ir0FasXL3}>5%c;q*T~l$3#$| zyc~k4u{?UR4ZkcsMv<30UBNYWZQYqB>wCQbn$Q_xq!4PjuwQo3s+9gA$$3cr;ioxg 
zOge(3L977u5iX*>JKTr<)2pE-N9$Z5%&I3PnvU7o%z@`MI>Qw-M970Dc2p6D2@sLv{Ejx=sCVfN*Upz6g@mZ{UL(UDUPs`|f2BKa17;oKH~9Rx}WN zw%D9gn7`?tEVb@=_}$!Kf!Q|{QS{NM-HvtMVT(+9Q}mq@y< zwCdl?R0@*!?!aU(j83{pQ0VsDZ_dDm^>2{qLN96PYqZ*BBK>vI-2ciWZcPaYn|jcd zdrPfOYkH*xR5&{Df+b0ZV)Z*|>T%K^xg#`Hp}1Qg)}#z4|C7|BDCp!+pmlQqT^X zoV+`hTK!d#wqAq~f&3^xKm7b=0(VQOsy)=048&o4HQ0kjPUrq5%j>mDv(o{qL;pI8 ztx8eO`vsKh26bpT zdP{W5q}fKN`q`x2n96g*Ru*4kIEa!D@^K)vlr@B=IA$){)&>h(}AOvt{VJj0?W?0u0TcTl2AXYzfm z=`6MKQP$fvQ=-6Fl{-#|*$~M=&SApilax#tf{6z3!L%XDuWWY6edUCmAXF8`*mPOcoq&ag)jSgPyam^L*S1!)u*1C@q8q7vg8}Ca1Z@3^w^sh2}q}D`>mYsM8kmY{yYh3jCz5xn|MJ! zZS4T5O2xm2?^A<=bp0bEXvPyYs)apL*6PHUoIHuRT{!X9h#;4d&jgIaATOh zMuN!9lj4PX%p#+(YSqKz%kWtJNtmsQc)n;vyDyH98o)^jKk#MOA-X4fwF$78f@fPs zh#!Z_Z(6UW2jdtQ8ya5l+@7c9M6O;E3(K^h>5B5@thtuRLJhng99&;Zg7jcsj&DNZpnmQ%hc>c<^FH90)9@ZUc>S}$RQLzEy4 zpSI=sW@|6XV^t*ldri?CNzX*?W8{FsNrxPl4gz*?1nRz1@o$X$Wvj+#H7iHjL%UHrTa(+XxS52uIDN`;q^~(IU>Nq#gRM z@U7SM7<3GhPT&D~!o6ZW#$HMO;j(1XXh=_59YUl6rd_*KcR0fXIWCUP74KEWPA2)MuB3hI-d57c}khglV2_D zt`NZbqsvX<>%4zFiyp2O|9sdxr6d(q!Lj+6Tu4d;rvNyALC5>-q@IyKyzXHCEgNp< zkWE%@WEQq408gAKE5_XI^PeC3@QJ@mG0Y;UC?v7r~@TGGHG;nkHcW z!XwnQsP?y5P{SfN{nAIv`D$#Ve4)TdAc&D)KiUD|9gmrM;D}!W1fmTvl6@K{MGuf0 zp!}U;9pB2^s#~(cni(VAma3O^N~1=b9}x?ZHJEHhpnJKME|JdHt#;Hv4ezZUT7;Nt z@-)R>p8!a8oZ{X^?Q-U~3RR}GgP4f0^FUqU1xy6mbK*%EPdnD|#Ve7%y;o~p2ki2o zQ6_$0c-u@)3>kze&G$3)w!0}z>-82Le3r}4^m%{Sq!!{2lqEQP(3nbL$TVpVXJ#J5}%9y zu(8Tt`SU%YStO?q9xn_O@tX~UPY9Bdoh^3DF!N(~For(!EJvuxIz)W%O8uE4|)cO_eC@DPhugEUun|-ei~E> zMar37)Zq5XKh-J>#8P>Rtl^#qAejazarsWQp>6sS z#_R-CJ#06WcwhQ1Aa}#OkyoqUmxLo;cS{7AB+}ix8;5&ujq93e>zRG=ZR+n)CpRgRA!FA-R>0?BDbeKxYVy_`Jj8VB!t;)ntXQ zV?4K1LrO8D3~7T=(0IzF@7a6!QEuYVzCiRFW#HKFc|oI7sQ8j8v4rZ|v5VLQ9ltMH zJLOS2^-7HLbg=$~|17H(*7DLRqQdjN@IxiVUwl`a*3I%WA876e#XZ___`Iy-sR^2q1a8!7cHKI9>tK(q%Je) zUuY52$Su8TB+@T$abM;}Ik>le@sR5WP4U1yB&Rn5LG@gwfH}eWn2g7JY|i$qS~|PH z(cIur&Ms+IuB(Pq88uDqAo>ZV-Y$KN;mIIs{TmJ9UL-kGGTCEwhBH8c#XDAk<%~Yl zjipqj$3C$M@DCn@La`gO6@sJJ18ofvK@cP>u+II(XH=_67Fqq#q&iheDKzG@)ARW- 
zBF)_Up)(01)2z7l)Q#AXR5SAY!Ua!oTEfdhN%U30k8jc5atEPr`N!0ACMYL5)HL%g zY|(exocqY{f7D(|O3&#(`!FBl{iwB{twz4TzTTYZNknk1=F(E|jD4G{xB>W>zAd3BFy zp6-&;TyR~NVk~H*4?++Sk|b`Q7}^?0>1}GPq8#xudCNoqCjI=4xC+(qZo3$rc5-YB zVjRaW(t{8~EmaA&CY9ka%(*T~I*o8(G*p^)i4*tGjp^E_<6N9yh z5fIh7j+}WGc8*`B2^y)uktGYON1y$kDcNXu$BNmwQU12uCBapXJMlXooD0Pxcw%mS zCDeyx0R$M;W?Km!KB{lTOU0_$rP1YKbSqybjo=6AWw~BQ=ux|CR>Ll1MeJz2g&G0f z4Xhmz(m}=Z^MY0GxTR84TChZ?^s>J#&0>$p-ivNCy)5)*Hxs?rBxC#_payynnj!e<4tY1Yb566F*}x`xq+V$%_xXVQCG#?X zW(u^v>b9UWjz+|+awOf7Dzqd1+)^g3BcT@yJ*IFCj~ReBB)VV95dnN!JT71Ui-@;i zfiW2v3gugw?VR#bpj28ufOVaimP8LMZFh4z@yYKE$}`BO>=h3x^9qB2 zgqT1Q8I5SHZ*tdg>CY;0f$_JDiL*4G{l7NU*EbS2+yK$_2;hqc%8b>G%g3u<9`WLim|s>b7w;Jp5prtTcK7#(T$;#r&1DN0-y8}`H$m~z3do(x! zKgPNKm{*h_%B25>eLVxQjE#fG6C&a5~TGeh3L@lGn3NnQiDeY$nn+kNY zG)iz)l9}Y4S>O5fhd%V}n_RsRDp4M}*pvX5=zS=C@49zLjp39B^pkt>of<+e>LC@N za*nNuvc%ZSTggQ~aJkUTBevtnkfbnD{&k&wEgqQE+uH-B(|F$16T=_fxb9YBs}lye z)1S^4zr!+M`79+Q>%Z=KK@o}1j#yK}N-mIh^`$>S2Is!wHC0OWi33+sbm!rBULUaB}BbZ!6BbAGaGlIf>zT(h`Al&Emez-Px5_U zh7%_F%1#69Q?b-&QZR~+{IrMYF?lk0=bYH$0N|2@0AQOSGG#oucar4b8p)9B~bZt2MBC|#Chd>4C{^lHEujwp53kqL@*_m5zpt99!=J zgNSrq&}Ux&#wN)wcVDM5XI4f)m+;1#)_@hq8!op={$|~T!x3n ziPXZc1M~LA0RCQF&svF!mUGXw$>Duq21|hO3K{r(vtnfB_@7)(mlj!<0}EVNBFXm> z)r+j!gVfh((uuzLOt`D@RkP3-guc!9q0n%6oU&wF%dT>`MRPTKT=`y+wvb}imys3# z>U@3To_vlWAYL<`4Kv7OfUWxb6|jEkxj!nSfVtJEUu|Zp)is=)m=dy{9OpXrPAl8z zJ_v9eglq8kOsEOwXdrq^(*u@Ex&?_DFMzJrcQeI+vHy6^YEFPvmrE_1!=jCxVpa8W zr};*Lpg}J#J%Wj#?4IHejWv*{$-q!toX5-C45cV>@FsiJ8&17KJHTS5Ff=;?IJVMY zQzTt|zX@D=m>e0w($ZQgjb6}aSB)zU%JvQ7w3;Uedv#b@ryP-ccV)0*sWXP0gt~LO zguyv>J|+AYEfhicam@MwSYBZ7DK%VHn;#EewZpXO2Tu&NZwOy?a}YLL1mhOdeE3yu7)pmdPJ?v{#f^kDmrg z*drn#IXo!&gxPiK6>$mE)HLrkkkZRw7O<|ek5VULByCM9&tb^OgoXcN&}o58RPJ+$ zk?;~FN@mpY7kYcTkiEO;Mw%F~JAcU|2XJ&;P5p8QoI;Z6=1HOsK%u=N(5qJ_-~Hg~ zK?Cfx2&Pu=~LP8a{x%b87yAzC($0F_}`ps*K>|MsjQgjJ$|yuIDBb7ZbBYGf1_zX(!a z;!*(%x|dsGpfpvcw7_$R8d?TGx6=fFbgP6m2n33>diO#)e|u62bcVSGDc_*r{pz+5+%cuaVWWGv3KM5+ 
z8i2{LZqCZ8BD?Iemz46msaRZQ^as*VE+SdX`ue))ChS%o+6TQ$O$lK6a-ks00|ZH1 z@+-TsRnw>-Nt5?oKyJQlIztH7-$@GGGj$r6+?_-~-z?LNY#vf7pB$=kw>eXsG@OA3 zTXHvlVN3?_k*v&Eh>FvRx@S6s_XcV%c>-XYX%MSz4t(0U?O<}vMBcwF?WTCDO{K!X zoqba(?e`2n@wSG#>F?1wwj$gd;m)`HO|if{l};L_DlHuf-1FS4=eFOl`zWsU+S`~g z-j5ua`&yvIk*O%Ub#hRYA0ri0*rPD7@U~YKvo$r4jmf6^Gd~}?cfeIDO*(~k$^9}W zW^-`LL{zbfX$WSfP``XItbTl%1$FL@U*azIBnyn!QUW(wXpTK?> zTrG{@>n7vt*@e>Pu@?7MKVjwHDxW9zz>tuV>)Upliq<<_yIR{j_5)b|XmRlEj27QW zJY#{sTr(i2t{MT9nmLp!Q1u%D%mM%MVmy?PM7L920TG%nyE%0f)B|^2syZG!!5vsk zM8OzhauO2s#B%C30YxWVtl8^O?H;|QcdSI0z^DktB3Eg@m3H7ke`s@mXg~QOM>91B z87uj?zo=w!miyf({cJipX5;4OCNI6WUyQWHt-ew@f=pUAdTIAhQU1r54a4hQgyGGe zFf4cD*<9hhfjjw;j(23RGK+9jBJyqDfy}n{4e~;cPIWCM9__^8J@v-^YBwytsES-M z(m;#MQ-7{+4)zOP$^%=Jta5i^f)iwc=(Th(?CnJa16_c-@>vWf%L?p_3!u1ktM*K6 z&2?6yeob94Y$2?TpUl_0#&G>5+;IHKO|Vdp3yEICt7JYw1*W#yGd>m19NnJspF=f& zoyFzo6SOrcf$jcsk*DA2uem|EoUNT12pl$ve{l=NpPvRIca?}ZrYE5$_yQGbK%9Q{ zD4NYQNhx@&c#~B$&$o)A9+IdH)^a_=F0E5SRN7AtHaG>;oSbvl6!?@VEa$rDIkRB^ zM@~`Y?=~^fcnPWY3CnAq_q5a4G{>G>TeUQrne^zn;!-=9Mn*=%+9YAD75gwSFx%S^ zG{)<%6N!jlhQ_R_It%87-|ibbyC*K1<@7duKdR=&9-b zN8cz1ml@-;a1A`vKu}ULKAg27>i(9bD<5kuD969d>KH2Vcc2^(Cov)k1Rx?h(_;j^ zJ!D>fipwUIBP&(w_v1tV0@GIWe^m^~d+XppL<@Y6<{g~CVjn0fj!`W8Y{aHMZ;P`k~R$y%)X@zLsmhQlvYqy%lVo zfcPGv=yNSXf{!{>5Ig$n|9pq6kXOOvUMWi1rTNl{4GMU^akFf5>Hb^h&uCW;RDw|D#VQ)r{n{V7#`#K*9C$t4jkE3-l zWsbCK+wE4rM7q+@?c+jB6*&GgZ&%0XGxok~&N_U{Ro^kky58xw-4nDMF_p7}Py2y>LiES;O$=bN^Y z>i*XwsRiAodk1Sef_JW@D%(!Zk6=&(yVbuO;UA@$S zIeu~C%%^r%hIlXOs%{S&06SDQh0f7>+e3#(=xdZ_-@&DGOm3|u@(FHCVip4Y?L!C>jn#uUV2($+{&bK;kPFg@1$D)!vW-2nQ{J zw!WigT17fP@lrn+8+T4A!z>U6A<*R&h*TCiVgdI7lH}LoYcWC45rI+_K{GDJ^!ZyE zxlVHhE72`J<;)`o9(2i4Y?8V8_lcMvJ>)96Dq+H`4vMvss)vcD|JJd1P^=)A%GWvd zjymTT7r#v^_i0B%ef{(x4U}Vm}n(m?{StF zt1}uY#cnmw2y$&3f4hL$H=XFBd^6oMXZO(+kIJ6ADZ$8vdy7A$GlxzudE-i?_=@H> zgjMyOs8$T5#6=~4mJJ3>^qrSCe$2fZWF}jbAB+{$_Sa>t6xE>Z)O&v&ds;dus&WD6 zK^xRwxDSd(X55eR{*wY#T$oiEm^rF&v1Ewy=6^ZqpPsA&#|pE(n`ZszHem<%aOy9U zP?S%yiS5vVU;Ib7*R7m_XsPvKMp{xp 
zlxXq1ogVpgi9Ip~lHZom-^*Bkz5ryAAGl4C`%8nJSDIWKtnqfqxB%?J}RpCr6Jy#l!50|PBNDoYPa21?d&Lzy(WKBCq+FvV%kIQ|XoE(4*AW#7!A#Rpaf zTL!Yd4<2s8Km{iL#m2i~6N+k#ykuH@T08hFH#`sEU;5c{BGsdw5Av80_&}x-q%%=b zU-Qt|Iqz`xc22WS zY`&k7%FGsQm^B!fk$Smy_KAAZnbF*--(5|g_gL4}21iDly$SyN(^V69Q^)4n*&Pl2 zb3O_Mbum`H6*DU@Csy9pfUNsQp=0Og@1(ZAHl*PAr(j3N{MBvTdsJow>3~J0vF(kU zB1{7*;BWr#-^LCJn0l=oZS&*l8mc}~eMY*TzTjWOD+DK?4Oh$s1tBc&-1LltGtwd2 zifZ_-vGEr?5kc&k>bI1!YaC=4K|1n}uU!Ro`&&6<)(e&@nG4q@hOc&{9BHBh6TiKUy}77^3vA+0a2tgfzJqT0OAdPM z1w4$hj_H?F1ML8jA&6XcBMMDevVTD@eCXZg-(Ppz2ZpPS?GPkyQN?qrGKz~-1WMAJ zsf&HOWJ|Cz8>Qj;BZ>UTpgeajT9XfH0-mNbWLLkxZv zqJ&Jhp7;DQo!}4kGSs04rFJ6iLwm#lHpQ#`>t&bSw^=lbeaXpJVav->RSptcN*cr< zPf}G5OI22JNB?048-O~cP>6{d`l&!gmqdkfVzgt_kto@mR-i~1d0-Lri>P`SRf|d? zR2up_xXkHD+;zJ>ogyBnyQy&*&~Lk%V!I7T!@)Wps$HkmZBMZV0x}#>GDF0;CPAfh z7&#mX4@kr>>$kpTV%BWVGasgr<_3+Vng28KAYd+1$Mf)YqsY00< zd_tRLQ*<6zXj7sC>f~!Sr9?v=b(ofy7UQ=L$N;)l$;vm7eqxw+a-WwmC_uA6RUl_$bkW_&m_b2_>? zHkB8`M9cutQW1cGQdvtUFEKnAF%sdVE_j`i16+;#0<+2Uf0g&hyYOK^cIWGgM^QHl ze;zgma|8nbn4gpO}p%)amxaTou>|7#0lYU`SbZUY@)x7|6XW_<m#)tap+vY#?Tmm^kl1 z&njR@_-cEmFa{0*$9&4hD!n_CVHU3}k3+n5R)N)d?S0)f0^!0*q}!yV9k~K*Rq-m>~M} zFL9BBC6CiW0{N>f$wpgQ85p&eJA6O|CH(B*cSv7%vNAowQmM(Mk9@0K%GO;J`LDn` zM$gI5|5N+fGmyhYRTZ5{_S4?k`OiP60MkrbDL;AfRI}g;-;wX4;#M}!tF%83yRdIB zR-o|l2WpH~e9D)q3F(Z>jg>dV1EJx<{!GH)=(10EeN~MFr!NYm9x8+)mm9p% z@F-v)c@*){lY^fRAWu!pMam%JSkB5jmCPNIgr1b7QR7!tj{aEcWTvuG%dO*` zaBTr3vcpGZ0F@Q061F-SWtZOeyv^jwUYr%*r#}v1r7Z#_kgwkMTTcP3*7l`%MLfZC zgsvt}={9%_z%qS-)}De?F9k$MjVc$PF<+uOS7{ zQ>`Q5a?GFY5zz^N4%}nh4GZYqmR)&Q*(lW5{8`SHPyP72RyHva@B1&2oCu1pu;BPw zf^vC!l>}6ny?W#L6_{&MvpKG5=cXn}8E0lZ^z!+mRP!QlTLSQorC&BO+!voq{~W5; zIjfH#Ju&#Vf%v7`V?_Tp8ck|rmLxO`Q7uB)1_%JRMR^z6_LhsPz$zdZ;dAoO9dWYx z9Snl`Lj-|O2R`&U)cnwc@V!8~5F`fOLg2^v+V z!&%6uq1cGiJ>d~=OC>;abQG$Xt~KQ~5@HSC8N8t0E%EDHZ+VO6iyXR(u$`S!oU+^FdUBm5lrS6IXJKHxW3Y&I0d63SL4TF=1EWE1`oV zGPU<(6W_c#>%y%xp>Mb;TYAwbsUx{x z|1I9~W)(*Uo$|RM>oi>SOmnWV7Q6nEuEfN^maZ4lemUXy1U3&Zv%ELCv!2yiN(nV2 
zjVp{>9gn*_9z|0c+184%)ztF3y1FJYS5R9DT1K3x+eu6jWDD$4TQvPpNMNyQ0#`10 z(CL!G$$JFm;45{8hJ5`6gbAijcb^42gc80_Z6HJP<(kW5 zFCtzY5m;29bQ*{;H<>%O>vJ>;YH3i2%@hYuOb~FO129$6sPXEO-ktrfayRXGdV*Q3 zbqN_33t>HPaUqP&%*>Ncj@ALU&sd< z6c?g1^JrNA@ksD$&TMv7SRo>T7>6EqJ$X5SB)D^a+)qU$fL_Lh$f(ZikasD`qG|Pe z#@o-&!`Kwg6yn7!wNyDkLPP7P+6md|FQXx6V?Z}xSP6AK@QGrqEi6@sz01l1Z~1w! zhvZ!j$w{Dk8mq0XE&o2bj3GnCVY=-mfq7F0ZcowC~dKnzaT} z@7KBCsDsBlD1{;xq+FZ7BNshAPfxSyy4)!^V(&C(19mMEfmH15$~ zeylyf8Yes6b*~G0uextYh=>uhU27w%v-75t;|{GPZH?7UKcf0u;@nJ4O^pYlGu^gp zI=8`Gbc4CHW3Ll#>+T5Vc50*6njdGd<+@Ld_op(d36_*v*`puG28_=HedHzN&E)Q* zm_wi6xDn}$Nk%so2H?O$OL}N-1Xax(Y?i@oetc3N4h>56r|?7N>%KN0p9#J2PiM)F zg1^|&ULHu5Q&~QC^P!Ur)YZAz*z2%WcAgu+boNqS)ovGY_>Bd*l!#l)yju+zF6&iY zjRDLg<{_LNU!DW3Q<)VVW^XHvO$8%Z{~zGwPstD1RqTI{{r}**grUHF;W)3vq_F1< zXez3H!}(hz`@Vt$`jWYo?DDRI2z8@_4remZIr)`+!r#`h92l9Tysz_NCn@)5E6e~d z@~dV`-UgeM-}%zk%yZXX65v7U3G_BhVv4p*vf|`_%vOFxlJIF^=x*bO6nd* z4&12Fi}8VyBx7bKReHbCT6Mn3T%@;o*^ZEKJAX>SG16(elzTlnI=~>n{8^Oc0b$@> zFMfUN_`Un&`$JSo%neu!O1!yCE2;Spq>PseQddesA4KN~yu$r_8iRm~I)L^~Nm$&C zw&6lBFedq|XZY^LbWEkbxZfSo==YxLiuPA2h@i8a{Ii{AB$mDSFnCndZg6bwsvs8W zJde|I*FKU&05O3&s;A5Ujn(Hh2+w<6S|VrN_rOKhZR@GY?ONRH^~$RNmdEwn%j@y) zNz;9L+T%#JPsn98i$s?sGU-np+YS=fbqD%j6k-Oe!Ui%94(QJI3w^KKDH>6G{>#0T zh^y_J7`pGaFMrqEPNzCIOYu{7_ENI??R;+FsG4P^4=Y)mag#(!A8OE~A6tfmWP22c zwR=O}-Gppgj(Ate%-qAmH|y)nWt$uQ#iIf*uV}LWmZxcKzurvrZ~`Yf1)i1a1tTp( zPf5WDgG>zYtAp31DxC}ezcEr^7G4;}B(T)7hF^*TUN?r_)R1|!!y5V7`9bQNA{mLd z6ON!>EzS~6_(=f>6gHoH$y@qFiISK+HQ0;9+!0=s<&M#~`fL)n`l=I`zB2$OIYvat ziMv!m@9piCM)8BCz^?8f1EbNWgsW30W-^v8gS4Ox21%;tJMab_9fV1PUT1DlkgxDx z*@&F$Yeb33Rb88WFfqo59EC4u_H8~KuVUmuE4=}v2{*n zS_Huw^xIF1{v$BA)DPT>1cf6Omf=C-vzf-$vT4#;KtVz#E*qJO2THf?Z-=;4t{-f$LOFA{n z?X_yL#hp_SE8h9>5~JW=YEH<&fV7?@ObRWIMBsIB=TInzxkIlGy7PH&Vs@E@!1i#B z9v^gpgp3H_sZ#MjJQ|trqEfn zoZ56?skPzfaZ@?A$dOMs z&0dG5XTr+%AJkb%9#>AS50AkCblrG`SimgUY>g<1{A)H+pyn8YnZ6!If?jT{#tDl&0&C} z8>-30)F_!90he0FqAWa|uvc+Di!Bd4>b8q9W*O7044mNI%>OuZ7{yWskyhUV4|Z@} 
zT@?98ftjIlr<(-zc#{2;2eCpJ&BLKTMy|)etBl}bZXUS}Cb`N?hM+efT>M$gVrr4~ zpu{ajAtQI2gvTCTwMakmq$-0ENbE~V*=zD_rkYs5Us=^6KW;Hd#>y(PH`KPX-7@0R z7Vj9>7C4e#iy%54j7C@U?MRfZuD}W3Am`K%?k7U;Xtg>gx=v6NABP~50;`G z`u1k*ccK=)kdy0<7J5?1FucHo6OfKoKS;|a{s;t2r>;^U#KmpleX$H+@O=v&OXatK zEL3d9W18l!*wggYMp|tUB5n70P|iTgwlb(!U(;qMC8w5~M&CX`WllrRu@b;m`?0S? zPrgacjMJgUTVL1C;UkeUqr#5q zEkAiI|0(9g$icT}M$;HIhzoLUz}dMTiC=QcNC#Ran_VAkLi2!rZw3B&lTyiO zM^dFhk#dk}j#sYv=4BAC+>EqDE&~8mbkkq>1iUpT;jPmni#_*}bJB@wy_DgIs!<7{ zcI#2u%4kvT`*e_S>j|jiH+_%#+dQlTkAnbuW06}HzS*S=1pTJi+LoMNMNjb|Vp7c& z&+T?9+)+9Zk-=TipNa`)I7|&m7G*`-7RD?fzL|DNi#82>s@4@0O5~WDs**hJ#o)U! z;%{H#ygA@p>2*pTa+;TGR9*0=UUFH#|C3bzzbt@TlQi&cwG|N|Ti0^_l%kLw=olAX zqn|k@gPWuM%=&eeP=t*&f1om$QT3Lh4vOm*MdrHR_N3vhTj6O$7#Gw&SV>!r zgv>tyB-p!;@ucKtK_rQ%C7fyv_nIe@n(OmzqhMoh-9NjC`H9L5$^UI%D$qQWDIaW? zRT9mqQV-6q60#5Ww~=T)Q{|A>t3U9R+Fyw0FNV8Pn9oESU0aQ&7eQ1K7|Ao1#adKU zlpK^S%Ss8j-lo6#&G{9S3Ccn_J5U#Vo{QhyP2DLa)d$>OYZ%IAj*k>*-Kk zJ<#8mD3p^B?F-weK}j8FH|aRRSF=s+=NN>x-kil=tL3}aA)VHFJ1@J>~n9Gr?Tk5kUjklW@+ zTZ9I;tDyh2tMc>YIr&H-UkB~)r}iJo>N00G3J+{w{N}xPcu7AMO2GQpi3GuHPt5yqJTw4me_1CBAgGP0ZFvYYC3|E0e z{njx224*w4w1NTiT4_u|bbuJ(k5fxH2 z6vc8SB|Mp+AL_z8cc^(}mifwC@v=gm+cI4y2VLtjTIsoOati#X^r7A`<$5!iFza_TW3RP|{fGZfQyny&}D4LohHb;zvZo0!6cJntHv zM8eEs{a)WLl(v7?wae-=jTV3>(CEo)M=oLmjsGo zo!WKYK!}R|OzacVKG}Ju*8ZUQoh#7>_kJ0g*u%eiEQ5VD2}^x=LG|K1r3pLp`1nYh zJHW$rv>-G0x!)Y@yU;J%?QsKZue?}bNb+2o$IPET3-nFOjrT~fDN$o^G*_Xhvsm=o zhiPJykE=g2yhZ#2CFI*$9QK(BY@p&yU16?G*e4n6?3Bn=#C%d_)e~(VG6#k#MAode zY8PLO=x-?zv%f#D>sLxg-vxyPE+}j_n$5|tgIg2|gT{GF+S}7DbFP1jRVWg_+NWcY z@>G*<_i;SskeT!bJ{9~c)A^T7EboplHZLwh2<@6A({K&i+)7dvn0pRyBmpyfH~Y-u z+RK9VC1;Ukg?Uw}G82P?y|@NU-OlE-_Y%mp+}t?O>P59BydIj0(enjM*x+eixcICYO8;nB|`oB}VIXz`vez*2;)N4WSE~)eweC_C0LN06g{wPBFT`CN_wx{U$Oa9jsA;Vbont^OLZJA8{_lFan z9}KF~?}#T0cHq0rpl*74MUxfxmK*H%qP*sOL(G$v6!lvScB?N%ABy{|p!ej4`SVt@ zdA2gJ>>X;Nr%UARGNJXN%S4Gks9>Z+1xOoDSvlo#SKpZE@r6nmtd%|5kLyy^c-+<$ zRqIR7=?S$E+r2&Ll`N<>-OZnwjMi#`Rq0pf})@b*Py}1DR!K!R=#b zu76vvwSeXF4mP|!qm*$XH#LN%^3^KcvMCr8 
z{M`zgR;D;EgodpbYRB`r)SN~!i&#nJ3=4uuw5^p))JN>+8q1d@C2EG{7D;N~0O1+< zMM?vdEl^)xZ&=1waB$#Ye|<(Qy;YjqYU9TjW0PDAZ0x|z9O2QHXW3hsvmhLLjlBGP zP=(g;*jNvEBth7UZ99ZfE&e$v>1zc!cu35^)dlz{7)u7l`d!&q*YS#yh}RJWdKA6f z#fmYU+BOT{WYDTb?g>WiUvGc8%Hy-cDw%_^#M;2k`k(>N)uX7FO6ctD1olP5TvSqm zUf=CeWKFFLvUv&qc`IZQFziA|e%vNpSqCxo*Z!N)4OQtUA7^)y}Inhk_7Ge<+WM5f%SGw%#f#u5eox#x=Mm zxVr@l?!n!ITW|>)+@%|LcXxMp3lN;(uEE{!%D!ix`#=0o%>zBg>eapGSF>hSP3SX| zZJdudbVFpM-dESRICUW$tRDWQeE6ddgF`(pm%Y?|BUnSR4>Dte%S;vV0p+FJpC1WB zIKZ-CI(mB1>LXmW>TbR}|^<($O;9RVnQ@`&iGJk})P zS~5B>ioq=kxcP2oTW>4xn;ZmMs3wG-&jxB?G%g4(#hBCzU(>=($PDhm_gj!;72rQb zGfonlb7V1@@f0)EQnA278^!m%Mqo9bp7`ksO>HflA`%K>QF(Po#83pWNIJK@Q9g>k zu{K)zWq{HekU!=;yzwUIw(j1Jp2DP~vJ?Y`cR5-HQGH9NjDDAY&06<-HzBhjzbv&S zF3^9->RI(jX3h+HSasO3b?$vU06*y;C=eY@OTLe4K;0ux2ZGl>nnz&b^xCed{80+$ zdt@_$hJ7#`YBY6=9%d}?gccdANb#!>i?BC&FW2!B-Z;9mNPdZ1}n76 zukOU8G-l%_EHNUFSii$U~9c>DD3BcQsWo+HiSs#$Bp(qW3dqT zH=omIx*)vqK*K^j_31?D088Oy;kPgJvAkq4oV8-)r01yR_ot(bh1}oIC^XMz|4<{F zC8^CGnv(Fk8Gb=KYe;r0NRNI73B)(qZHUc(Oh3%1_5On(N{1ENPsdK319)Z+Pb|Yr z4W?kgQAkFK%`!&@CnfDhaj@wGgk$lQH9CMs}G|6S!M5w5yu;S3i4oOdh zfCGV*J5DmjOTv~+mlupwj)L1x{+PSr~vd1h<^ET#|=(#C)^LmwYOf=Vfh3X{)^ z7VL}=qOfQS&zsSaej-(yp)ML;)(hTEOh^F33gQ>{EHg+o zD|K&gZ!g!yG&jfaCIq%UJ$Zz;8S@aNU6^r->_!Tde*RonqSyYV7T=s2+B_Er7F3EuPY)aUNFZjPfaQvhzEfY;nOs%e(r)Wt zhCzCtuwn&_FY^d~VZrr@f?^}Wrlzl0nlL^?7ow6})R4xoE`kpx26Xtbehu&kmzSrz zgqTc!UxUnvF{$j=1Cfe;$D$!1NnvFu*CV5%#yPR48e-H#P^-aL?&tn;&`%D&mDAD; z?)c@SF#`YCH$xhR)Mpq3^~M_H?*YUO*N@30dDX&vpbx*0TxWI0z{SqtC5bj8 zgpT3pk}u1vyccVH#s=6drv+8brE`S9e$eDO;$x8ZWn80O=zgI60j~Akaq1~|<7nRD zN3HMawt^jZ^W>G4q#B}qa!MI><->hRW0Y;0VPe4YgsHVOP z#p}y;b%Vn+W}5R6XM^dHBb&(N6(t!r>n{lMK#uQ`nCJ~uXmrgZepmJ}CamqoOoX=N+h2Jk81imKUzp0 zuvXN8s$eeAt^z41z~;w)nQd8JzP1*1ec`Q7gROu~b4~5IDM9!`4jeRn80Te8z^}rv z6q`~>Z~3WCy_ml5FWiFX#l37Mc@6?0BxDDL78(xTmPFPW^KP#Os|)lA1w@g^M3kQd zv+m&bT7u5IOf|-VryJxsl?w`!-e(=g9U~?z#ubUWUU&m8{95ZpJ2FWS z=u%XTRJl)FL}mjH%nT8lUH+#556@hnE+evrm&=t;NeLaeMYi+b8gudJc)0U;0iHgiw~l|kbn 
zwII=TF{E7vDzo+iP(*~`ctE=Zc)rQDf-sjjr5_jB?OXu>sy|2jD>AKIFB%~vHaSRh z#E&`rswC(EpYDp>oqTaIZztPH>JqF<=Z;Hhh>MQK&1X8?k=>(D;Tmd9^WneuYX4K1wmnombi1 z7Qb`eobOuLE!JOxZyxbBeha0bcfCFFH3TE-Jl}yjw9lE3H>$bKYFh6KWi@}_F6v1G zWCrd;)@!H@W(11+`}4An^SOX8R^4}NwH@p=B&M$zU#NfwmzRpwnhY$Ag`t$#MGaLr zjqNXn0gY?_&V7Tv*YIv0D)%E$&s4WQIg+Vs)}(D-;gnmhwy-gNyedLwA)Gp?PWpY! zd2%?bxL$;`&R{*WTVCRMU&Udy%gScZ1?E11z0~gf&V)k5t5qNqE%?UrbhG1DqFRi4 zbLL4h4Jg9p-`!5+E3(XU;Xx{})v1ogfw(w~oc-$>TJen`qf39xGex-9oSBU3w~pAq zPrr9P1|=~WNCT0SpIuHC63@C0$euP|7faFXnfY&5EN_;u6lV#lI|pvvs#M?WWu^@z zde{JHyN7?Ttdk3%SFj)O_|QTzA^5*OqlQr;(tA0Os>aa6!oZ9?N>R%IWU!pnccdTg zKpLBPq#cQU5Hb{OBA?BW=WN0X-DmQE{a>kyiw2&BB`Xr*K}vRZ%(mt`7=Jpdj(~lH zSQJ=B9o*PzcZN#FGXvpA(eB6=Bb)w=R8K*IPn+__TQzbj+T-YaGT<1QJ}YUG#883(&NpG;MS%c{(`L1IWkpAAJL_%Hq~p?- zc5zU8LEh!>YO+RU3XOGC2fu)s9!3~4*HWk1*zNA*SE_}|721=O@9%H$^67W%Yu*Q^ z9m@8!Sb&|wp?4GJS83p{pPySl@;alhd5ojPEm|cB56)L<93mMEm&g^c2=cf`D_(07sGXSHu_&M+lFbMVkSZJm|?YuWL!iZ)F%#ZBPTEwhONS zCH*bHt5?ru&rJ7Sc)8iWyJ9fF2zgXT^i~qXfe~iTD%)gD(Khlw-`sz`zzk{_VaKtt zF$u@(ZRGd7>&a|!1}!4{`7+L%Vuq^X;`hgriok%6jxosi#z59BLZxnN2$%gInM54* zo4XYfr5`^K?b~#i>3@)s^)~qQfAx6IL_7Z0=zfj6+&fbV_yT}mW+w|~;orZ69uHeI zgU7^IxA*tvJD6C9ai9(#5Q?f_jf+v={v_oQP}-9lHCVc@cyG@)lKI`M%NtL)KTDPs z?e5;)>?jJ&rl~U=4wING0VEM~b4avhQW^OOu6klI@1EEc?2&mM*=>Ov7*dZ1=!fPAhQwnmKXX@ztk#=PqP z`_8`+LdDpa9_*^h|DbMEwCMjzNPkj5+LSo>jl`{qxY=l29~||8+*imxHjU%vC=?s^ znZb5BNkO1(V1B5clA+0+c$R13(+^xyrc8IDnYr^K3`z;D6X$hza}by?f^T4O5WIyb zbfmcOD{EAw z3Z>IBamNsS_@cxszY|v`ryXOjgZN6*59|?@qJf~Fv0S}rBy*@nmDLRm5wk-o(ZqT@ zcJ|9{OcKY?prry39_YznElXny=OR6lJyZKTp>;EGYak zLzcqIm3t+ZA!=T88w0KkCHk-E$2$-%>?HPRPaez0$BXR#dHJG0^)RF~UsINnM?s5J ziL-M@<40p4F&<(9Z427%E$QgPz$fEPv~8#vNO%xBf-GlwpHVec4DuH;pAJpzDvT&s z4FqZNS6$Ocj2CpYTd~Ys8TeAHF_EsMC!$dw} z{DiUGgjd7F8YRdt)5L_<_y+iS!d|m*L1cm>1TV^pbAKA7k4amJ-_ec}lL4E@giPV} zP;{XRbt>)RG$HY<%+MFMU*S-l+G)d!DEw_v3pVYx(N(c^D>}tEn*Xga*#1d?Zuw)( zLJRAWp=&R_ubGNE*7xHH5z(eiG-HT)VTP#2w~+@j!55M5!afeDpkI9M22xW}T?FDHyL3^Wv5KtoCpl7YW%6m?PUYgaWrH#B*oX5WJP 
zVvs?m7V_awkwlQ#*!G9xP@PteH|y<{{n?*3D9SK@Ng%0I?tIZ2VgKiN0A79vpgS0i z#*rzI;ytiqrVW)@Mtq)=_W2ZMF$XQ87PYTyRk@e?5(9VZSf-9#k)35NEd`Au;PUUC z9KdCAqR>PZ{=f4E+=GDuVHDu8f;L;E^L@zOTUkj7;`aEDUW6AiW#67U29^R*V3jVjeMOF%n0HoLH*A@a`2%z7e$aJR|) z$}}k~8(rS;wrgpkCPNXM9vVNok_JAU6gfIwTO8Hl*hn}y0Q0n6#85B!x9#bXsoWni zcT0ueB26pT!NTF7k_`q8RV1A zuK9t-PrP>o`UB4<0tFJYoR80oWr)^2G)5muf#L)7sK|pq^v9c?!01a4N@`(7ZO5G( z1W95$Lc0-EN+nkBw_Ty^_!o3k_|LaYI_Rri0_rn8_%K&J7;*G}X<${4aEved`r}IG zF=^)@ZTqLo+SOT9B?+fd!$(@@hJGaG=WjUK8k~F;rc$YVezQKo`M(F=zrL=3d{Z2t zD3dzV4Yvt*^AyjsIE?3b5}M4B?F&xC0LD1y5gGUTd#4eH@q^OUws(e?x3`&?eoVpZ zGurRJe|*ERt>#9I>h9+{9>Xo3rn+a0lXN3Lva1xxlA23#d(1f`slg&@i@FO6>N_uH zHebFeFj$Vn_=~nUI{wTq_2rl5Q(dgTZRdZAyxthz`#|tnO0FP~Hqy-Lc*(-;qim6} zabBSh&;~Tb-&Y(jv86WI{27B8m$*7zXsjO)5%l+mT-_JZWwyT>CxCyy9EMt+n5oaz z<>DgHaOsVI^0WNTgaDZ+)tHl>tFHXN4)?cig=~C_8b_&#rLLU%Vqi+-!(LOKkyVpuAtrjy7@ZiHjsr>_Z^4=ty?ujmXb4%n5j8JV$ zPtRP`>ia9%MJk5W<$NKy>-ml5TjzJ8$68awGS}``u2AlI`2yF|<*TA*wvH)vy2@{j zA#HUq7PR&iE4gBxY3y!-D8x(IeW_}VI}?u0muC5QuwC50X|kC>n%N0%J=vW}!BB2&VhT_G%8i;>b^L?T{SI1^^k-muI|tncF0p_n3?VF} z`f2?NA0mVB5=V69$=q|*7N#u!)-U%?+Rz{!wn~He$%Uzm^bUu$CHGg>_@>-^TjHi8 zo7a6o`q2pwOa} z>!;x&uGs`Lf{g_0s|KcFuJzcLXzcIl)uU5$`MGuSgu|!iAIO)7=hjXrGJ2qh5fIrf}7E0Ii?`iT4#O4*O+5 zF1Sf9iS$Q+y1;H?R#Ws9GV^Lp|(UH&aEZ9Fr^o2|p09i}1b@4r$c^myHjDe&gW zd(%c|C`z7leMZ>Hx`}G3K6ya}3+o8W+Y$Ubf&t_y}YpX(Y|XMP(86 z<@CWpW@dX*U9`~FZNfz%bz>xVv!5vy=_>#xCJ<;c#}w=-d3!Pf8WS?RgUmrKJA6Uk zmMrtrT9+RX)E2)~X=`e^AfbIy@L5NEArt4DaHvl8pZ`mQ>;J36EJ3FQtee5#5N)}w z_myO)gkFw$vI-l6Kh29jzcHF;`MPJ#9!F=s-#}kqa3YOUM+#Q$vg^r%K9Wcv&aQP2 zZfsNjrGf?Dc4bH5zY-&916zVLL`6G-1g@f= zQwtJ)^PT$)h>s~seJF#Qfx4RM)X_}ibIUE+kKAq4@bT#q%^>#Kl@1W6r~fQU`Stbr zHuhE?P#5PBAMTw}4bkwspDwiB5}Zh(Gol6v^VGKrk?Gnz^pQt&Y_TTetx?B`iUk}2 z)@=+i0;NY;*$o!!9wm|i^>9Pn1$Ih8Px(HP+bLT`Svp z@{jq<;)a)`BL8DW3UhXUnIlWrMT3;D&$~CX_f(l5kSv+Qch-@u?{y?3T1DEM=5Prc z*KJ96g|g|jv$HazYSU|f-8mktYt*@*o@_wxGde0=*K{(;8QRgz065Bz1 zEYf!QR4z_cW52QfIn|g_|0l62RP&t^(sojE_SCV@spZRq(_wBXN%7n3^KbKPUwO1u 
zU+%^6%dU1fbAcv1n2euad$+RfPOiVI>FP`T1EMJGbgrHo%1(G^2{IPfXLzMGrpUfa z{C}!zaZ?x4;TEIKyKbnn5JP>%4yZ{8ZD+Y$ZLb>T%_nX9kCV;DxXnl-K_)ZlCa+(b z7E21T)YWj5MGw)B7tb(LCD`eR_QJHgg6T+9L<;e!hF3=>`g(wZNLV<(9JMdfL$0!i z)4Dp$FQ#8boS+l;T~+P%{_gkv1a;m-skG|51ylXPmScRz8MTh6*+-Zm#P{)I3n>I-(rLQf`ZTch z+wE@W7@wi@F{$KAfJhWsVE7ATiNW}4v_bQiB5{zi(yf}9oUN}*(XQjI%zi^ZZdfGG zBsZX`r-G;Adhj}pL3f-4zFNOMYyKSdx8K{VX?1x(0C^K`OShf(93b2mPlGG>RN{_^ z_>j!|RYIaJXfzzf@GrG}l5VaoyjER^BOoRz*pyG_syB+voGVsj5%t1f`=YGtPg3Cd zzldC)Z$Iof;INYZ@uR|r>pWq5F6*hqqGl|I+hPf_9L!Q&7rr!=kJr3gVa#nn&^fP; z7v3sP<29$sZ6DJjyOz_ND3s5t(FKvBgsl_=oBFeUFmF=2dQbf-k%}w~foe zcZL~;W2}}`0>!F8A*BZjDdFuTu~U1C$$|F4r$20&Zmb8sF%D|#>NRZ0cxQx0WHEe` zWh#Ph-@A(hc=0*ZYr*05@r?{mY?`uI|N0;?Qa>MvKsJ0vzd+@X<71hu%c_ly78w$X z*r+R2DsK(WgCp03lw#hcTDT~S$e0CHlzgIOa|DTec|)ZWlW#)uuhzTj8`W4`=O%uNfwyS$j!u^ah8thF!nP(gld1#+NrtqKY)Qo8 zlcHmMN>u?63oo1#;w8{OvcV^}9FS^_#%+&u6}jg#B>#k^$z|;KHoP{WS(T|JKY0v| zdWWa6@uSB6!WFFm;+)IHdocG>z9aBxx?QV(@#!@QTDU^~e+aNIdkBY8w+UkFS4ab! z&_norP;p1Ag7?Z^OSEHjZzL{JT`|-jJkp-1^%ZdD|L~(D6<pA0vWa+g z9kJQGp@LOb!k9Ef0BSK?AbI_uY@|(pYr*F~r|C!_{l=L>hbPb)ppm{Em5!CkQ z4I+;5hVS1X>mSjF?T;lQ44MPw9MD>(zO=OcRMqJHPA!XpjWZWqmN`}`FD0pwdYO|F zGs&opR1oG@wR?&o3|sh|y6Y#rr&?m*nI+FMUd`n$GroD21A@F+%yfW2$n-FXSu*g3fn$I;Yc!fs@i7M_f!hl z`x{wg3`JLCx`MnQ?D5f3(WtI0Wk#lZbEkK*I=}of-t3pozR_`ku$=>TfBGUNh4bxS z$d?TDl{aUCa&==oQD`93Oq2iop8j)FqVW8Sn4EdmS2;8FNc}$QpciFqS0-pC^g?6# zf>B$*P+ol&_IF>wsAmJa#VA;%3UWF0w45fqRKbclWSQ05{xR^)(;%+XEZOU(RmE3K z;vCfJK=)0xLHD-bLu=tMfpJ$KKE=I2G)A9^bys_b%h03#ZpoUu5FW03s&_djPpdz& z`;>4)>k?*!)xaPB!KH^JNpS1{wh@zo=w@jUx-d}<#s=Nbd31s&<(@}}<=jzC$y}Qo zaa8%c2>s(vw$`iGnCE~m%gObrg{lmt_Adf+m23Eu!Bn$}I1Lu#$qjbrvmCh_&S%+B zOA!qWW_#yG(jK52X-+lKgFBxzP$J%I!?rT`;#`5EZT;8cdYsQu)BAMV+Ita5pzC0i z&>*YkM{z_)CWq6+YsUc=V_~VfXu3{O@&EMy^5Q^qEe})1DIQp+=P^l5rZg=QXy)p+ zR+U{^!x6qs0eA5fVn|OvYMz+J#8EViO)X=0GhT*gX}>^yyz&Mm^PxMy$Z;D|nSYAj z{9^Nf{Ua-6`%9}b38EG}^pKy(lQK1lX-gvRry#E=~Z*N9mHHJj=b>+#@nmBseQevxI5>ru8_!YEpgeJDd#sKQFMPPTVGQE8*93+|vyCS2NBt|dyZL!<<9z#2A 
zv-(USTbt+3I{0j;hON4|bWKZ+e#|#nLA?|UFQ3%97_76NCvW*)zrg3P{;wPWDXp7p zi9aVye>~caF^v@nZ?J-Qq!R+-Y?j;3;ZymKu=zq3853u_RwJ=-mcj{+<&e3$rB~Pm z3liysKw}1`J*;PFWwg~lh3rG$yk|@>LT9JxUe%q}o7OKh&C1daN=@uxYczjH8 z<}1H^tP@`e7WIO2eEBr?YeU+JdqcXt4%eYe@NcpBn0_{6W%GXs`(grsTq}M?ZOFOG z%;cwQcc7_Oq}}$H)+BcLn_JO$?*7#cO%{~rKB0nrI{Ix~g*=9c=3`ERnrYp#K}JJf z1_-!IPkn&7S{~tQxb9I&l1WtgRE{?M8H1jQrQr1u zxfQ96s)F~I9gbQ%(eX~^VEAz-Qsbix(F;6G8Xa?v3Evid6U+8i$iYYl~`i>_X zX#0lK>;+yrL8cwn>(!DAW_1Z4>&+%JJUkrVk~h_piHwDtTQf`CA?Ye315I#+RGPNl zM?fyKq9Jr)I_T)%MMp*WeMw4`rn*wvkheHNtfM5XOCAw?(zOdm`Ppf~5yP8=HzxC*i)w9y*%bM= zwpW2GXCmQt)QWgWvX%24AKDnuA1-a{y|dMjq(ZM=EVe9cB95@{m7YN%>Z|>6RaqTF z?9m#9KI86aIYiHkbx%Lo?j?QXhJ*`_QBiqzdhHh> z_Z9oc+j0Q&$YH-O`iaYiH8=!L)xEWm3ZX1Yz%CYd7v7ijtHb>KyrbO-zCt>eeW3{Sb8KiReEFj0^>n6+s@w0$%=SXLx$y)@$Heq>Nq}1|0NU6v zp)vNYeZswQ9%>RRo=?Zd!6sAOaz5W&nr7+(s!&qn!=CaHzL5UIycb2p_VHFf4RG9& z5x&*EnsKRTF;gNfyyPHV_k+uSUSRZK7HbKLW`-O#qoDmzrdoBcOUu@Q3T@0!fEKEE zsl*$Z%4dYisJrhE9lS4>gp27uSdL} zMhfNn5 zsO(u-E<;U6=jXx5S5TO6eGRUs9%*+wAD#f2mr^nFtHlD##w@`9mbA2_(9_c&2BHZS z?%thJRmIAEbX3#Ql2UvMgIaP4@u+=pa1wX-U>iL8vw7WWQa}0e$%jr*`PaTWd@Gq$1M?~Z?yED?A9@o0`ki|Sv%~9W${B*+jy1*9 zF-f2qSelJ8^tpEgLI{eLaUk18NPEg@x=$F?C^ctTniFYUF1OHsREDC5? zGn`>AG7KDgTNx3TC3Kn#m69hjOLB7j06mb3Ca#qHSe4qhVN5cmC}0b*ikuurVPRo- zL5cUXIGO0lf^E+3E+su9V_wBy8-TXky%s(Glg}sd_3Q6dcjUwCsqS2%_l=30E7_?T zKzUi}yRn`(nVgy`G4=kezTEDKCEH(T@#jiiO;=5vh|eV_iYPAlFC`VV5+{}rdRl7;bf0{pp#}`VaZN%S}!p< zm?WZ&y@p9u0~*TDP-T33BX0LC%OQhHTD}m0nDB)nEmcAfJ)CeH--Uxjkl|Qy5kr9q;kpB#Eb@c|?X@q|3v zto0f-pN%gRzjQ;kz^OPqr?9lymism;vmr+*!}rli=SC|WB23Lt7-F#51SKNTdSrMw zUHz}?*oOAb5N3gr=iT4JNxf%P!T1Zj;e!#!YfKE0B_*W4!PbGNq4n?77@HJzef8f_yAYN5+k8!PSe_7`c zM3ap%Iu9f+OU;_U^lkX$6=%EqtF-u#RaE_ahmHmuX{0mkn>h*?0L)V(H#=~{Jqa`X zrZuk?69Ef={I7NkTb&X=vLa~P^x66&-+-~R4b9BHn!&t7+4NX@4s%dM1(wd>r2TLxIC z>Ru#_yz9m8HxgUJ8EiZPSyj8PC@N{en_kcA*=V7O0z^Cm(z2iyK19S*@kI0~_5w3t z@I+pFywT0Fc7M;O^(j$U=!G?txx;~9kKZVuqIbE`8n4nc@8S9U+TyAJF@rjWN`>g? 
z1PF6n@AL>e&MtdstTONBY}5cHWNw^}S?TM3%k1AFpt!ERhT{~wtqqlPSBI-EJpA*a z)jA2_+Q~_E{T2aZaBG2a^M|5eIg=tfUaJ#*q!?vW%pFA%m5{{T5%O{tLJ7oE5`yJd zjb@k$@tI|rPZ)VY$LxX0}!und}Szc-yU)9 z8~KZe(g%A(ZKfix(?+%l9eXd=TJywgJYNUrycYM~g;gRrNMdNPhi;B0W+O5&<7=cd zKk95>{0905{LZynA$1%yA4Q+HGzxS>S(mFRUi+gdQy+cE^2yd&K=?50G}ZlY5RA^? zqjU-V(Lcx>7-s$kgz&gCm;DV#96&_lqnerNcT6c6SJ$cv&CfwFyFxXR4_K? zmw&y3Z+m-U2>zQ;1A|mF3V(AVM&kRz1B@DHZJ0a3cW3hX{?Jd#)bS;^1YFbk(XX;$ zvHnPL4asJmpVl_6x;H}-F&>Q{CYTBOtsiY5wCtZ+tz(kL3G=ShKj7QFRdy| zpiNnm>+&tR`!!R((+w9nAi8eM*p@@pTYw%4HPjE2j<2imAxG^}vb~}%D4HMIYS@;C zQ{8;PIqhLixU%pI0+fwc2#w`fYqT=?e1lGzHCuYf?BzgT8pQ(wBz3ulS>_>%q6iG!MBs!uH zXDT7Me)?NWl@ohh5PxfPhLsJ!IxJ&gF*{NY!v~PvTYIol?-=P_X8_`jqM%P`j>_Tr zfns&nRYl2NFZR>x{Th|VGkA%2V^id{RCDS~bpNdNnWe#T{!{IjhXsOaB^#TD7~$8m zrnzFZ6PM5bd@G-o_$%H02zxeRxW=tpNfKv~VsWbgCT=(yLQya$I#vi+2ty(%@7{-? z1&6LnSKcC1G2F_g?7wl@(q=lG{8A#3r%$S=*Y2DY>HY&nb*CnZ=71<(A`#7#_3`Ox z#{D3RYKEX>PrbeXX&!7s9+!e{kPJufVq`@2nM_Mtnd;H)?@}(a*GLScoW;*h?CQ?G zawMGgiwjmV<&qk88cj0In7CZV1hn}sRHC>q`h`+cAt(goW`15qXBcsH3XOYeKVIYi zQ1Yog#}LOcp;HY=WG%HLNml$3ZHX(%7o`8xJBa}dzYn;T%Bz8o^>10S-nOhW}^& zvX}m(s=mH7v5jCy9H{@2_EXE%*ZL8~x69hreFR~(52;`NW*|%8tGyV$K%#~aE8)q7 z2Q2m6v`R;tm{C#7^K>*#H@PPz__YvzfWGX@28BB-{TTj4`{iM0idStu_N>JsatG$U2_r#HEq=OM&G%2U4vZ#360- ziuNxK995T2F=_qH2f|(}93ux(i?`}T^17sNm#beIbD z0H-P{&WrBX((@6PFELLvu*wGoQe1jdl!33&^Zs_iR=a(-pT%L_Ido1)l~e%~Mhg{6;qZVxvh`!`|D(yo_MZhqP!cII zgxeFy)3rN2uBtFV)1l7{Y!TZ;^sS6%qHz6;<12qlOwg#gDGR$RGN0|6=R3SkwLUtv zPx^g!SY=v5Goyh5ok{%&=O0#v8Y6vEgbvW48r;V<*8Axbfxx024*?46 zWZ|cpETm`2&bz0T2CqkYwpqI|;YP#CM#BL~H_>$m@ zRttGyPz?sxn2m`oVsheWl_ zkk{gwz|G@Nrcb+)8ut%+1I8Aj;F_#`MWu6!+_EqSJw zPrRn+dd|~7$&_l|ntk6PpRUSFokxR^OHk4svU#pG$yzK9+%^;`Sg0MwH7kmY#NZJT zVt)7Lk;qlR!@^>4ebVotUKc6&8ih|yfF))dV_yp>hpPS+&&6g%hW{;|OK4EIe^^6E z7(w91u8|=r$hoBl150h#)A3(8{g{KW!3mj~QkH+Hwn?y##T1BrZcetb+n!$Zu@85o zb4At{cxj05+VDS^n?Ub%%X$$SNb&vfeIMj>HCd$ zDYvypJdG_K8Sd39&2R0-UFfxdTq|jZ2EfhV)PHHf3Ym!_u%Bv~G@2YRYr`jHWQe=1 
z-}=pUDsJd=7;akp!8>VMDN+iJ>MSJU;c4xty_h9DV23=sVz7(pENi=j>m~L6YDMJ_ zkUvWw|0zfQhFH4%SGVV%6yb;P{g@rOs-`5p*12?&6*`BjYZ zJQrHqT@96eIk98QD>B^1f`DjWkqFbIL{gJw9e*Jn6o)2jNq;#0{wmj%1(@-0q$F(K z2&%w{m{M9i=Z$KkD$(>B?18(`djy)wo*kfB9kyY1oNDPw&R}!tiH&m zdVqPZf0##=vP%nEZcB7bsnLv?SSlMNiEecOrn`R#aCw5>t+bTy&?@P$0R+w~8Ik(* zPhhTHuRtl9w>*r=8-xCr304J0z0GOrqa>oVG@wa>1L6`y!(vFzv2bv~uf-Xq){Bz? z??v)Dw7f+q)sf$r%$T)m!q$J@x`U&mvFPSr@7JZff2GMwgDz*76K0d<-~I3wTtV2A zgX(u3ZTrXLh;g6sm;A7iO&LP2yUx$uY7BTP_2b7p)!k<`8K*@BWn1+D6;@JYi0uz6 z-u+Li7#2K0|6#>*FKV6lUjVU01cmD_+{mN?iTqQcgR5kc(5*5Ev4EPP*{`ndx+I25 zE;v{sAxlsEk3*HI#=kj{+H@NB*YuMBY3!thkjCG>w=m$xRVfmfz`u^ z>A<7CDc@YrYGU!+ULVGz+B-d{T9LFkmHa07?7%ZqlueOb8TTD+sT5&m!vaWVm*L5_ zJ|zuHI{Sw4+o5$O3j|6#Ee5qAacIlTmMT)B@BR97M5tcaoJ1qUG%-OJ+@v8>f-5r(f^?2_uKC;;6RWfczJoD6f~#1NBx<9 zCS@I~EIU7wcnx7$UNYdL)=@OxPe1(EGPsRs^?eKk4hNUocdyUoOLC7M^rNlk1U(ZLs;gRByFeB8Sj+D zIB)l2B{FmqJlO^*qmoqc6R}KD zMTf#)JeNo?xIpv$xkxJW<@HrO4vUz0GA>UkiT4GA)by=yQP#Y!T^ii4xu~u9XlWS20prs|nGXT% zdq4mbnIowlsY-ALnmLV1H}uEUye#-_PSX+Lwu@~cWd&E}*Nay?(IHIC?IU1s5l*An z?)5Jxmg#o;cg^GM8y@-izahxDn3Lxp{5Y2(eWgfpukIK4 zNPx<<%5>@x!1PI!3OxvU3RI$z_5tw4{r^-B)kweJ)HF$gHM=93@)4Tq{#P+2J7%VP zD#Xn@;W?RK{%C<_Td^=*Q_`3OAq{0#!nE92a=z`j^C7$Hk;$2{J zX-zEW9iUHW9&Ot;lx`W)}HO)NiQB^YwmL0}!mGq);%#b1zF_!YyDD^5_%M4>~! 
zum9Xh6#XnriiL$WfV3VIK4l*6$>Y5K0Kz695IgU>CIN>>CSB)+WXxe5|4U2}y_lGHisgo6H)B=0n}%iKSILvX#JO950*5=gzYB0V4$ z86PxaV$A(GV?7c|rFOsW1aE|b#rPu9i3W4IF(n|4MWZi|MWZ*OQh7}aj#S7YT5EHS z^F(6s6XPK{(VthM;i`ZXBg^Ckv_rV67JXEjV**|Ni%x?>;ySwzn@qTjHyx(R_#UsPZA%lqP$VdxN%2*+xFl9hd*WD<>8bUz zz^gQ*2s;l9q!&Ab<=qgs<>DKyW1&b#6kVv*m^%?xzy8s$q$?<`K5UE;IFgr<%zKT1 zpwZBGL%Jz+s*<}@vQVBh<4@!=)PF4`clUaa&5oYy55vz7e)D*XTHfR+G}yXvF=?gB zEb7fEF354J!HsAk%GUgks>~`s&b2`WEhLbXEZZjO!f)WA9-NV!oLq98YZp`W5o?ds zCuX3>2n$%6UbU=(vdcxvVv~Wax~tR=?aC^G%Gu)w;X8_Tk`GRG#;qOGH8k|wWhry5 zSO~otAvwyi3U$5+R2z*yN8Zk@Qeq4GL_UXcxj(|o5*1p9PGVY~)}Kos#+8$GF=cG+ zN2)l2d>Rlmo)F08uhrK6L$~YvB9z@_#3=t$i6)R&D79yZ+Lh}`4g#b|+7`p+^(v{l zQ8>s^CGq(@UY!iu#{btBZnK|NeH*^+cwQ${@a?SghhLiXy)NHFUu#=F8N{pGKO2Js zBZ5}{2bwHHE9TMu+PR{=VOToemRc*-6Xa59_f}*xLfQlGWZhE9Vpm2ZqymVfFQaJy zEHY90KV*GnRGdrGEfyfSLvVLOg1ZykeQa%Rz0$~3<-~+zN13_&L!QMe!s8eA&_>TQzvz8?6yo%UITOxNet?EX33se444fe@ zX>1+M9|2e!O+Q}vjaph;k3_LIajJ|ig?K~*AH8i7pKY!A z>dpfjY*fK}kts<@gI-i&V?LqB?hvN22eubR`Xe49{XWtC z*&)y1mrV!Uvb%`@kCUxyofsNk#%VJ^V#DJi?ANZ0Zi~D~RoH;_gyP-9AMlvblARnz z=S=)GLcl~UxNk1-QjS#h+E7L!UeIO<_c{uygHJTn459c3!_t)iEE@VH2N#RTz^y&nc9@|fK`v$8HNPMOSs$JbK!a_zTAU3kr8Ci2KfTO_OJLjozl5}U{+ zcucPCBxg`MAPKeh)S@5L$o2-WDT@zxISdqv(T#gGG55ovkw+FM?JnG^N3w=W^EDzmK#H&&0g#2P(nel(mxtRETb5l#ts zmf{{kzDRKaX`nIwWI3iG`jtQRUOzx(iiM)*Pf{5q=9A^RXmZ3lpRh{YjnUn+s-aQT7AoNF^ zQi~WND%HWqMl>RrT1n7U5^2j9S>&zAt8NX;Mg3E$NY)iybhco84T^#R9V69+DX|`< zYBOeNQ5j#)fG4aa&u<_m$EnuC?HIL!z|2*qiG@5)J%ZVuXK4TvelUlMuKtYpsZqqr ze2-XhKh-d_0SwOScgc|K++vog$=X7u3=v}W7Mfyp8h=oZFatED=?bq8>Xp@SMk!rp zW^z&j9SqXZi7Eo4r}(v05gWZ0@}IE9klDTiQ;qOAjgmImkSdIVh$1=WFA{~@6FzY5 z!#d(=?R9w0@1JM9W%?(-?6Ru8XMdg=!U1=Mj5hJ~+X$(wT&tHhC?m z{O0U@KX4tL_5tfcyV!2oX5GEBq4T=)*Ax|3Px@lrM`Zi`U7p5sM)^Tf#`c0(Vs4KG z>a=kFAmtCrLsqnD%O%h9c6aBoUj@wFV%2X~Oj~QsAH}C;L!;|jJ|T7V<334Yp;j94 zf!deM&$PyNM_hM`aHt}3$fpDpY0Aq}H(k|%mj-O=M#4pXjzePhi+H30yY&HiggXAE zpb-|XMHkoxX_PFnpab@pM8d90D9Gzbi{Q(BEtO|&PD^(PdNtnX=b(Qv{nmrj!RY;j 
z_4`Rf)8W>}^(c8KHbz@A4Szm+AW0Fm`h?3zrRPcPlbxepuGwKsI0!jdg&~^a6OiK4 zuf;P(hNUNI%@&Aw9kTgM82~|MBX54i_xhBzw=bHIs7A6EL-g$vrCx0@b}oUA?jV-N zp~z4KJojE#?Pn&V1XqTup9sX3oC^}s=N6B^$aSM3^Hkm*%J)p)USGC%txnQ?9Ci^+ zB^PstlvQz1e@OmGY-|<;Ib#kQ1m0$NFhG%xenWS!`<7a&uCV`zW0mW8#1dox;}K-L z4`mZBmI^E^p8$qADRPFcsmSpo`o`)IZ4G}0c%IB@?}@I$_woZodw|7f-+3&^^yL|KUy+$?&Oux+vOm-~d3{b6cl!0ZHZtSCDDoipU0Lgdo3nAp+=?Os zgq)I^#@tzO9n5TwT;rCClbM=?Ld$8Svl4k+E=zxH4P%KTVP&P?&j=VXXXxl0-COf` zBhh3ypl&)DW0g}>%yA$8vfs%E5hIh($ejF1&pW2gn%CvYIfmejSQ|4^J?vgp=lJM| z#>=XOlM5G;^BvW*Ff!rLu`mg8=HcOyM=ZD^dMTLL6L&}A$pNNP1M_YJL2_WpXu}`J z%&iC9!bSvGt(GM{9^vz0M|poe-ki{dUv7AUAe`|)qdk5QrK+;GJD6MBwOQK|e|`1b z9ytgX)VO~F9vTULv}`oMW{xD+%ey}E6rbtwUduSXAm8cFJN1XY;CmdW*SOtjUG4#4 z*H1p>3!Z#=g9(z3M`$wLBJjChUTrDLmdm|sXozilpQke|ztFA4I|dDES1WyEqP3eN)&WT-#rr58Dk^@XIDP#r;Shg*6iCMQ3qmSR3X$*n1Z)}fXNUL# z_Fhk#MZ8CIYo^2d$Y}WZNuT;igHlFV9?=KHz z#h5%Z<(+aL`$eQ6c9L}lplo|w2G|6-YfF~?EC{da23QRn}>9IR}yJT!@jNwk14ZP9EM zA{w8_HlkLY&OsqOC+2$6BnNN_fWq-571U&WnB}g?mb7{J*&@mYf zI!=>QhhP?Ah9*Ul&i+XW#eo=iYPb{{{z*1;P}japchk2GZB!lZN>6S&ip^SACPgUb z3k6?6E<1iv;dZ~_CcNn|t7a_wtL)_<3$|ZEdm>*3(e-qJLg#b14rS7ADeoA-P{gl0*Wd0d*zzN~b>vI$N6j)25 z7k^%b5yrNoY{dO)z zP!3sb40qzm$|%xZBjy;6^MitHl6bZ-n>H^87?Npi*|ZA~%>wD74kC$lenDf2jkVrA z$Gu(++D~WCA&DC(txaSH%!%RYkX`HWDkzvU#{%o|QeMyAtTt=qRuxrcf5-5)#ipeE zewq3Hkld~lESftmquZY4@x)+a4QN85DnReHBUt7JCLy7qssyUv=~F4 zQ5tHq61qOqpEqik#Iv=bWIh|p!^3(CLVeHo@n{||zfzt!_Qx^pQu8P*P-RAu-h=Ps zJQ$3D6>d43t9jtu2i{u{_0_wLHvg*3WZ?!FB2XegZsj3^UMGP>Zxea7C2%}W7&gZu zJ}CEUjI(+>;=Z1MvK~wVEs6Y51V62BR#f>GW2lQ5ni7Q%jx@YZjH}&)tHtYo-)6z4 z*Co6s(H5n_Kj`nj>iJx6KW8PTK5~@3UegW{RL#@JGFskGiT`-nEK< z61aJQwMK>O14xoJVYpu9_n4_DYSpD`yHt{J0#6moJyLuYP+Hp|`M@?_AoJ{&lh5wwRk)kS9hlxGh1 zbUh7IqF#-b@l=(*I9XB<67|M{>*NM5yFg+ghuC@fQz4oXD2{Hk;qA+e-f+jsH@hb~ zi{}l*$Mftlm!M5jjE9OcA{v@NyQ@pnPsyaL1l+2>U5`o;NlOYU5_U(lDIqC<)o>>J zQJ_`388pRDH{1Tp73Zv8uUQ=OehXXcQ9As%Zo)SQQxc>~Q+Xp9Om#Je)8=;bdYF)+ zi>CEmfeOjTvd}t4I7J#!NU8R>i4ISe3PLmG6&12MBJIx%$)$TI8~pZE<++QJN3+&Z 
zx4zpgSEqqB=5wDDKWf)oW#8AEV^VyxP(Dwhz^Xc!tN$fh$@92vpLp&g_fa&trPZUS zL5KyXV!yA?W}L!uz9BfiY8rR@J28U;8*R%fc*iq$8 zF0;F24&WwNGgto+^sEH4+&qoh8vKOnGG{`tsoGDKSqLx}qeD=t6ddcZOc7X;oA6}F zu+v3QkyQl~FW^6JUG14Mq2E6R4BqT7+xG!UncNb91c1)pS-mlx@~3`B3+DRviqMm@ zB;h-se=Rc5s|keSw{Cq1!76Onvi8ce?~}=Dw8uOTE64G;nNb9^IUoe88I6BcJzTB? z_qaW1eh=R??Zo4l9J2BPi#lNa!gTrUfj8z#f02>&J34_ zz(oUv`(5Q+in3}hnbqMulCGvn->7f>BRWxnLIz2Xc{l7zSQE?4Q$^b`u}2snS_<4R znW{-V?5dwl&@;B9#_VN_!0VfPh8FPNp&Ccv375BDeD-*m37k|>QdW}xP>cw5|1@#* z<{|fpg4OVQ>*eCMaw6nz?V%j0Ih39!y$qP$;2Nid03@W6X}aBF;`Md@_C*yD5jKZW z1U`?o4Io;t$rJPgyk&;=k*bOHd9botbb3>Xipg9GL6iGIvhsK6og4+O^hEf$UQ(Dh zDsMvkDSu4NytWV%(vS7cOX|faElH~ut3FSh@TBS@bt$USr3@8&kXr=>r%sVLv)DyHHkww zJZI1>ezY!Q59TbVIF!>6^CWYvj!W=mX;swHw^>ejhM$UI6}DwaRV4UEtS{4xU)x&> zAgIa#&#Zg=MD^)a@-~ zNhM~kA+Ok{kn_VNYG9qPQr+rAFv^lf-&{m26j?;M8L+C+YsGFSLl1-Xy zcM>b!aPr;00sdEv4pziI?F@7V`%~9P4-b5)HXF2uYIaxmr;+;&gZL$stFF1`pHEpm zU+D2Ub!juSuj8H5B~yW^o>AjlRKg$x)KNHW5)6jXlp0V_P%xccgdcp|S!-b#+IWtQC)(x?cYl$djP9HgNHWm5Qr`k5_Gc!#Fyyuk&$`S762G8U^# zt@d0WAn(T|w8t_BNEYSa@Gk_y_&dIyLlLPs=|O{taJ>=AoId04qN7cz@RsL=!Du%H zj7$lhv@=H+pb9D|q$2>qhE#-Ub=|~$N;)SSt6n(V^NA`GG*W+NNk2l(txs6D-=GE+ zMaxDIpQQkBu3<42Y}}WE4Z*%P#cCq~$*Xmq%8FAM(>SL($tC7j zOR`+30VI>%#6$?+UJWjV8s1ZAO&GwQ@ztzxJxiTnMWQ}EtG)Q%cy27WJUO>Z;VxAn zL7{#QWT$~W5JZqr!7+No-=;J4>DefsRr3fDu8D$5xiD|xEtJx5swl;QVL2%a)v^Ea zg@(aZyhN!3)AL~_Lau5vi?&wxnMqTqGY8jJwojtk?vAZ{VY zvJ%Qt6N)1SrZJb<^N0Qdft5_?FSMUaF1L=i^%xU4m_oFGhbTUM=;>Rg5`n=R=Is8Er|{lHAKpft6W31pDOAJ+rFSY6+ygtI9PMX)`tmpDSMmZb4ehzk@1*gibE zU0v7M(V7nCXg4t~wjwzd799rnYr zYE|qhF^?$3hwGNhFSgRd9mfn4hoAG#X#BFY+2pkeetTnANY@7+ZFBFNT&LFd0fNHq zt|v=r*enXHeDkuvsx@7GSQQL4B~5*-nFbdn14q&*)|_wGkJ6h!LOJmaz>tFO+X-+o zzui^z)`Fngeepy-oQu!{gHo^>Kq$-pM7R&NdyWIi3`Ientc6Cv5v7s3g6B$fw{fCE zAiO@0+`;MV**8bxhaxzd6P6{V2uP%3T;YhagqA5zFErXh5zEXT7+TSWM&EWh1lA)F z_Ke}oN^LYsgoWnhe2=DOF3f6uVkpeW2!fd}5Sx8vh_1tBub;&UF&^oiNnURKLCH0q z+H|`~at808YeZN)Zv`POrg-G>?YMFWm?Z(E8^7nc0tuw!c(?#DmhD34s_1-#xT=JV 
zHao_JuZFK~?Q0Y>ck|=Lo&5CE=rYP1;I(BuNj!Y}Y%*78d-O{mC%`?-oHFfW_r&x< z5so6Bjz65ppU92_gsNE3vIbWnruyg7B7EbiF~U-p$cUX4*0U=1BzH;tn{ug^fQXsD>JZ`Fhex;4$u-f=$FS3LXtJL?!;A-dh1dP<%tm%cA_$)1SS08R zQLf`!Q{LWElHTB5csf6>E+I@nMh_@&Zy7T;48oN1pCh5Vmf)AGkBqB}tSlF+=c=N> zEa}QglMru0knFGVgI`D+50kt>oPHB#K-QDzj8onqRp6cLuN7iTM0HhK3|O`bxtjWd zh{iaYhUQ8^a4SI^L%t^x+ZP{KX3f$TdIF9wR!vjULEZQ}u%i!>((_j7r%2`^43d*1 zx0r*xMY9ewN;plwl)1h~^S6jH^4xIG(#-y;==_gE5tyWvkqA5&%nXB=-~L+~`@ffU zXCUHj*Wy-0C;vY#CZHdCFUd9n=0Ykmf|o4N{7n}4?>S&&LW38lg>|BT6XpJEFXH!&U3kqMpQwc!z% zlg`d0R1SazvzSr8P20RJ@;RHeo2pF(Ha?E_&Pnzm7X!WjmT{L9XSJ!R;cEB$XL$+K zkgv?6Bgj5RDVn^}g1UWUEQm3`EO~ZuFK~wDX4|PQkn)M%0~QUIcpKJ-rlYnsrGhW_ z(1DBx!xNX>_vX*GevA*QDo|dQLkt%-CF!F%_2Jgfl2+uy8mzI1&nYfWg2u+4kVV+y zy2*esbRT^_zBC$EJNw)9y_HAfRq$;+w^i9PcQ-Vp#KIBiwFg0 zk}0trhKyid{yIZoD~=ru3K=w!Dr9FmB5~XzI}oEQdAAY-3VGdEBhD=cfgvL>p977b zOSTFNk$}TkCPq#_Y^^DVJ7Vu~6dNs@E6m#L#HCK7&f=C0n99B7Qdf3dd1FEd^DmJ`cUn7*ig6X%&Rr$qH@#2RXMU)b>TXUd1hSRufL+ucI?uUXRR4|Grc?U zVllW|%>Fqarde0l+XH)0dA&cP;}r=hk_sTG+rZ2cM$X8~^fLSS$f;z%uvRqMEPk^X zJf}#G-+y*`7<^ZC7CT7g=u}$VWIojAe&Jfes)Y#ectx=rx>L>6tM@f>)cnfutoQk* zO~1|J!I^FrC*6`8TQ4=13RS)>Fv_{R9S>Bb1DTBj*+$r`gU3m%nE^;pdUwi?7JH%Y zRNep8sRg6`XlH0ObjR$fm+OLa_vp0cR*QB@X=UMPq3WXHmQ!7uE5c>d<(6}`_yzdp z#u>le&90S2=ESA7sc8`Ps_)FA?XZ%zFAdkn*O#wXMu>L$k>02jK6O zSDkU&&4*ORQu`f1!?eFc;QC~vfU4v`Uh6wWvt$sYqn<%uyFsM%Uq6X#LvVmac$2I{ z<9>y37hENQY-K%$X8Y%(|6ah+eX>VM(81F0V~#1@bu)Nm^OulqfPdTV?>%4OY-W&; zuj<+mb@v??R77W-IO8j|dXjU_Ylm}}$S-358v3t@+U;Z6I+a~M7qAZ0K)LFy6BCYn zY)djGn`VIRKzL==fjZ5$8+`vphcM%-nVk7IVc58~UUTjn35W<7Vd~dcJLsqAkq5%- zC*ZAeS-^HWkg@one-kQsms^=rRbG3pVqXF>ejo_tae6;)=KLAdxHb}H^|K48C-%>) zsn<)@!%163Ai2;9d%M)H3pKvy`9EXeAw;^#MI(BP!C{>jriiTkN`ieM$sTzEo}$(B z=LgadU|#<9O$aj|#oD>qsJZ0TuD_y7ai|IavVej_!w-AJoX8hk&}r>oO7cT=?-#7t!~uyO1CqdPXR7ii!Uj}zTC z^8bj261wNS)lK=NWN}? 
z3b2W->z-W}^|s0t>;!j?+^?0qTn#JY`?8G%hIpyx&gFl)ZUYg40-+JjA&y_;H1$V9 zzW#j6f!56U1%dULrO09oKY6`08mCwojm4>`)uD=|%KQImumgGD`n}1uw4kZ2cPr!L z72$Kcq$+i;>K(M>-|!hEkxEAt`ZF9G2*|HsWuow#fk&G5??PSI zAwlAnT2j4z-kqUi$!0eew!{}EZW=q)YV771#9wu)u)TZy_t8fJ;G;L~#+zt=* z?#fmTM~J%0QFbX(3yIR_`{I9c*BBXhP<&jv!oQJa2l-bgzG&}SJn+4-`qQutCDQm0 zcbM&Fk6vkWk{oNNO5ABOmz=t~UzWJ|McT{NBY@zutKKJsUet4re+B&r3+DeS5Hz*% z&y*Z*M~<2k8;oXIwX~#PFh#}gw%a@U9&Z7Gn$yQ3k&~feYkiWZoXl!yqS`u!UiA8+ zk;?JUIDFcOqAJ2l!$Q;kl?tv8K2b(387aqQ$!fjTlvVO=W8le~CR3-D(*+ZatwQLd zSXIx=i>qRx@xPW1R00;*X*9MD;_!guA0>#AAfe?RKId0FSj{MqH934njCIS5xK_Bl z{kQuF%wRkshq5HcH=OUL{e==as1xp@c~WeR*G!hj;w<)$NF(_0faX*L9-{qkOY;O^ z4XKAYk19t7*Ao8DhCblX3Tz5BX<9UHFayBR+xxP|_0j>65up`VJ1Q{`Be;fJFi3Yw;Y6RZh)vW*Z;NLIdY=9lXUPl}saQerq{MQ!H z#YTG5$OjVGTTlF%YM_yPW~TdsfQQ3l;0jjmxOxr#w--7{M6y^y9v5YQher-!Cx!wT z+d?hlz-Qinki}w{@EwBpcyFQKGYxKThTgAM!qB?(Cv+RbD{Ki3wE_I*R!T zrMg?Ch2@E1OvH@rZ~rIono#Mwzt2}_L;Q@bS<^`C{6|9T1tNTt0^*YamM6EBXXSO4 zrDP5TJ&Uqgmk=SCvT551i%OCw+FHy*yVCgBUC%|M#o740Q2**s$A)O#J_iz*F2DMx z_du5y1T&E%7tUhu;A?40rG`u&TlPz?YEiDB?&R}gi)}cI$8!{)2(A6^pv#cITK6IG z0}4w7+Sz*ckFb1#_`-DA3{P#2#+M6*Qwqp;CAix-YeO-^tG=};d_Chk&Y${kwL3-x z>gP5vYVBVg%tQI08Y5JH_kUDUIg8m7v(Gn*pq&44&@J%VP_@S6|MKInB)&icC25Al zC3N=BM}as#UrBII!U_c~Fs-QAb8DQ}9%rjGzceoxNm?Lm_r$#*uv)IB{e9eq?OhST ztQ*TeL;oU*6tyQtXelMJ05fym#^9mB9qG>AXPDw@{d)cudtGiZRO za|rXP{q!G$lg0GGs$w-Blr^^?Y(UHnW~Q*X9B)ar8xE2szfdAS)Z4@SS6YyW?=CgX z_<-B?&up$BjPes69mx^JV=dCLz%yK09Q?l8vcX~`q@MxWA4l<@naRG-s0`1RRrWt0 zA@G1rEHJq^WaBZmQPDC~`m|<`YOxUy|GKPb^Nnnr+yB>hy#YsA^u~>v|ND<_JR|v1 zz#OSF-OU$d4&5=*5}0$V0NU58H&4=RK7Z$92Ph%1El}@0;Xj>bTSR8Fo&C~W+UO}Kc z@x0|r!TmD|NHDO8Bc?2NYp+V@nvq1s1x{)$0%#8#?Eh>FoS#s40q`B-V*BsZzJ~W% zpmyp-yC42vXGVzB72<(&4tiMwiJpkR$XbA(@6`8?CH(mtpKN4M zwQ$Wu4(#;j=;La)oCwm#z?u^nL8{W0p-D@ekxMQ!ZI$gP;?uZ4F8NQdI&=jH_a)gS zBrKIxE2e+yW>atBYI9tF;Rdn(_U_MAy`Yr3B`d94I#AM(I0m7yis#!>zsmhrxIlmJibRRJcn7g^ zqf{G_X1v<&dN`DRSH8C~{jcl$-%AGw-}|z09+e{WzvusTulw5XOM81-pu(Tc$bZiN 
zT`1rnpy?#cAoxFH=D{I;1`OUJ*XmB{UZjC*cIE>Lcau$hx4@->wVFShaI71ulaww7 zeR4%)BBKq?k!j7nLQGIbhH5S1yz!SsxR!Hq5m}ES9!IBVqvTSK4MoKDcc;RMB({&{l9I-`AuB6IV?UXwaOIQ@076*=g%`$}%UV9o` zYA=SqpLxO-SREXf9?E$pqT-52;&Y!HkVtf1x;2tSj?cDs=#1UwDA5{EJy&%-J(=7(rvxuX;%?4UGfF6;{eS^4 z=0jbp+Vu2T23W*t1^|@Iysig-C#35RM7e0zZ#V%pp7D3nsq@AMG9bTb*oew&(Rcw} zi=tdFt=kPMF0;6bP^e^D9ck>()l0lUnNQm}Bu|C;_^TVBYLUCjBEf26zqR9`l1IwK z$)awxdPK(>4(hvjoKq{Hw+LEl2vJ=I^|M<3XXrJ(62T0jG^#$Mz{g8I&YE~CdO$sw z-a+3Iat2930pbrW7=jw|sWg3m_Fv!h?niSXB4Fq=C&YQ>E8u%RJjTl99}?6App&W7 ztyIoVQdsLeEM_)+s=6lt8qz)mw2;=9s}ITvF9Y1qR6qM^nzh@|UHIdyFRBzchU!)2 z>ZTFAGz||PaW>RRXzuiJxL+_zdrK`IY$0)KJSzr`2`dI&6{TR-4r5V$Rt#JaK9MnU z9A41PC^TA=8FZDwD|>DN%5I{qKaiPWx^a!xbsg|lpjewgU+dH2*l`uohdR1l;=i)mHMw)FK~A29(g z;1U@uc62#}j%?ycvNIBo)Hd3__lMr8&CtaxpLf0@un-C&15mW!RYk}cbLR=y>3#ti z-r$bzU-m92EpriCIV$0mTGDe^IKQhh?0iyYI~gl!F(v7xBJcx5c`Neag#S#Ki49by zvWr%}%3Hb3-g#)olEU`xAY#yQm}t}b;53Tyd0o%HHoorB$* zZh!FU?^Hl__I6ehmP4lRD9(1@tlxp5|4rv-y~5ZvNaF=ZpRg#Q1;Q%NEwxo*(>J6; z;;aXdQ#2u&1cD?P2a?S0q0Q5vV*&^efB~#~3^z2g2Z43dXzQKbRHNJpg;Iw-fCN5uZ+^qcl zgOI?WKu}BcKq7#?YB|S6xn<*JT)gH7oYnjOeLdrSRpj@XpkXJ5CLErcWEqm;o(OSz z=@74X2O|O{b0ZyTGZ3R6_)RW2yS>|jQw|+JPT}QGb|oo6o)S*@h6#amw`*rTw-sO3 z+=c!5wQeVmwr-Mymu%P?<>XqgBXTpYZpHc`@vL$(gcoqZYJG%Pnx*!*95xrg6G!mG z(%di=mv~lxeL>Hc{dn=sgc|TLVXeOLJcN`2TXMZkFhGA~WsTBMSDxP%TJpT@F?*3b zr%SXd<1#^E5$7y`uGY-zfc=*rS%?wV{}e1+X;MKxy<)mwnNIPx$6tp6Kei1vY*1>97KZ@slx{43Ohq{WYo6;n4bfw)XvkWIwFfI1TchtDx zI-o-LRHSfgh}}_dBHSCBw|_{1BzT#VWnsN5&%DCtGMrOmcn~;Ewb+4bGiVehAk?!$ zeo6YqiFT}%wLu(EJ3&Dx5un;1SDq6t0-ko42GJ)wfC&b%sNSE@;+hx!GQ=&86a37bB7NeSYAomA$8iIGQ#{ zlPlYRn-&o~CiMHvSWC7749x#KzqJdT^{jbmg-s#wB9s#6Cx@YQn~y|4s!N$3NV~S; zx465i7Mi*_$^?-Q`PAjyDkHQ=LP$&ErN~pdz4eIqR;Uo5IR-dt7up7X>W@};QH|xd z<0)IDi8`-;guaX^aUXu5bW#E64ww%tn&34WT~l#!6P3tJ)+36gF-%Y&9nXg%ox>m> zOP_xOP^m12e{je{AAO|h6NFdBCdx|vHUUhNt zFIZaV*s;OLvzhFvbTXLKCJry0q`~N!LtH3uCq7S9IxZ3wj2jTMNgJ04y30DAY}{``Vw{LZ69y z%0Ws2^CF*xivH}1pd$EchzOjew0ucygpdlv!9T_`2$V`f13vjo%!n9q?uaF>O?g6X 
zm~WNd6Keg8K*5i(r?Yff47q#7MjXIJ3!-vv^2F{UvD?Cw{Vbl=1}*8MK!<6vBIcn4 zXv$K$QI9j_H zWswlsZ)dD5O85D>Z=bAm~}oXboh7gPT~D^>@i$in_{G zeix)bLbccd?^{QpEeG@n*dA+64z|YHG5unqtGH}xrv1b|YS;ZuXW%6>SBBf-0hJ!X zH)>K)1^K%(@E*QldR0f%rjG(wd_N(|&~PE8OgTg3I?yGIoN6GspX(95!W9GYki&A#yh*z zS0Zd~7y25;hY}5mveC4s##-l8YRd+f5;~UatRDl?Uq6 z;3me2OGC>YsM2`r_awGa{)E{YN3pOsrpQe!gpdX)f%FL4aT5Adat z>IY@D%EZGx00Q4OT|bdk{W`o*s$OxgrYZ48a!9a9^^MK9GS#e5uKKR9FBL(|PxbGP zR1Csd-5yo$b6to2p1M_+@WzWIdIU}R1WyZJO;_0VSE^3>9@y{YKGxiwUsDP!Q*&il zyNa#-`n&2ydwIL+6F`!zwDkS;+hGx7E~|abhvN>FP)bQM9Z~UZ>xvWHzgkv%_;PV? zN@-3M-GZ(CSlhIvS$R2AHp3ELKp!7|&cz|<0CC`c*?2o)wIvXo=!2s3VzDo%iIOp8 zENMb?mv}CR2V9u#i7zm?Q-* z8Us`>>eaTYd4hDzzq#_Y@8XO3ju&W(^^2#NGdFVE$B?GPs)WF?qAL?i=!>Qdffa!A zrO7NI(3H0ZM}<@tCmE?8$Z?4%$W-(h6VFe_L*%u{N4KfsjTEi$6~}WT z-aVkkiKNmfX7hRN)XKwLm9in^Q~KY%65M~mI{1#SoV%~(HBt>^5rF>SX6k8X7O9SUg@7rAF21G%9 zNFuzI%W)W{28+wd;jAl}Q{Fy{Zfefza1GUiwQtUPK42L3!m4WM5wt1oe86LULA=rb zePCI1S?bX3=-eC+=w{SX*iadETMV65wa%%Hw=P88)Z{0RQmgsaOMb~zMp{yl|HY>C zy2z5!BuqvI^=2=zyyi-m%VDNbN;q~pAk$~hSJu0+x=tDptpqr!VT@*^X{SWYE?q`1 z%_PW*W7np!?vJ`d65l00KUaFmbNF!jm1J5Gt_gSI>~3;g~AxXn4#ILWV|? 
zBK-@EKH0QqH$*}Zi5gh;6#arr4e#OWkg$OiQ!HhG&K&-F<#0Pl*jdK)NMaomi>f(9 zelE$n7A%ZtuA8pHCC}*!=^Pwz#Z@7yY*Jbmm#bhIcvXZlDF*8j$IYdE`T;PLZXr;( z5E55!2ybbEL^x7~C}tU3$rZ_lui8Pn4zMi#T$)8EArYXAOb6(e@A(9X_3AfkF?0U# z)Z`?Y$HDu)vI%;7LmnkbFu8-a@VUe4D{LokiY%Zx3$nKG?exeTUi`3(+$?n6?r`D% z7&&|XFdm{u1OOi!Ls8>iB`6)tvk|0Q2 zpyl)N(#jtD|d}o6~h&Bl_)EO%*0uO%}Feog(`r zHlQhgyggs&c{SKakl~oP>_(|WfoYhT@c08jVFC}Mmrx^r2m+bN&qyXYns%bxvjYFA zt;TGa`B=a#ys_D$!}=Wtiss`x^MZ1>g$j{g|FEgP`C&8h2Ib5x4)Zu!->YR^O>tgD zi?5L{{T`#H>W8VnHNV@hnn^%L9CV=MP-?$!WhzC1@tP-j_h`8yO|}B-&6&EqiV#fz zC;Ez*=yx9*fe9kAFV6M1!qT}xPEs8@aC)9v@v0Zhk)u{jsyCC3gW7d#(erS-0vHKzM zeYB;W_I_XmZq(_5mJ5|J!7IGmLSUF13rlE_(m1qUi%$tSl^}plHL;lb8GI@KoLfEl zt1hK`D1f6Nrv59nM-k0rk?Ufpa?2U!a4rC4@L7Sn;VjDB-Thz!5P=7s13Jg{vMK!m5jezddb= zEe$N%3#jip+okfEirs@Y5FlX#dB?Fp&Rh18zwv>k`NLi2x8XnVw>*}<2|7cFN9Zl0 zM-X*RD#3IiQ=!FvE-6Og3#Zg8dByY_J}=Z5)W4q+K&%l=eRu%8-fHpqjrhN?xn@d= zeKpn8Z`{gsoF=_35g5o^6|!&Ya`(X>r`{`~H;de_4Qho$p zmFl|$1QdGFb=wrm(RgP%iLnM^?GwhB(;JmlFNg}bCM@CvR)34y&`(QE1 zImU7NOvM$%eaPX$k9e=V{^3$5Gl*&6sLKheFEf*N2!2dzi5-L9TYGOWU9h6VMY-*c zcl|@PTR*HKlvcIDa^iXHl&oD@cg8haO_x{Ac$eo6Ke{HBCSX(Zl206_Wh|*rw*W_B zqp}DJKQ6h|FHSVwvKOaZ7#~+g%UL5b#sKjIF0pIXAG6B!*kf3%6_qPPq2`-^sg{Ra zr2;;c*H6$SuOjvm%kdC6$$(0}AOru3fYs$~AhI!OU$T`{ThshsPR$SoiBWyZ`V)H?mc$7UMmTyj}Is16~}!>Rc_iS{rxyJj~GnWJhvu(4gI5- z_2UjHT^Yg?RovXF)sE8i%y0%MHZ{#ra1l&z5etG0^=3r-Ws7bnEv+Z#8fAEW3p&{z z9rT8Ts=z&Ud_ya)%p5E7bqU8!zZ20jy&?Xr(4f-eB91&bOKyJR8F%mG&5$bLRy)$U zeMVed?Rmk0=Z69D(i?!N3*^JrTEHY*xIbw|?t?Q6t7mK6?DEK<%31xhnl^$&EvEG& z^gU0yM`b(%7M4tHnb6Itnv0dlIufzB-Ouk_eRZ%?rNiH0cXrY@TDe)z>0IVMWvM(I zv@t>8W5h-v45eR7-~tz{!AW4ak7W|aN+X`=QCZ;Tk92K7 zy6RciP08)uVk#2<(OQ5!I}9Z~ywDEKrQAdlF_pd?D>MEjEGYP_;v>gRg`(R9`F6Ma z{qZu{vHv}4+R|MVB7rwSIv7jwMlII)ts-9Xx%E313jQ8o2W6t497Brg=ml=bh`ezs zo%2+$qgYe*q`@k^s44N>RosB(6TSo?1{w}j60^Jvl@{&D@Ie70RrYh2h`=Z26EGKw}wG?8(g z;&PAx8(nCvEC_#o&HZNu?pc!HXNfxpfgne#Wz%@=dr1kW%5*{)#q-Opg8_oOV?x-U zhk2dw5^vaK=NyY1-o`Xq$Z!Uf*;v=AUqRF6LC!>iOC~Wyi(eN=P#sWfzoZ&G#Arj5 
zs{6u;vV86>U`rx9+yhjhrHJSy5Zh&Kl+0CuUa}VQswWcwBSamY0ze?j*FR^@-Vd2i zTy#TL6<`@8j3mx1FXWqo8xq#FfgRL~cvT$5OqYyo))Pe%G&MUy`6at@b7MgcD_{^e zmK5M})0M%gpqqbQVkz?Q$sI^8%un{5pba}km$-Q$%MfO#*d!E zw*S*1`}dwhTfy~ADdM>rp+Ou|KcB-}zth{*(<{)%wjs3q?*WMN;T`R++Q&=;5LRq& z#BtjwK{6hm6mv*>jd_7HM!_`oTs;o<$f;5J0 zalyu;8nahDOfk6C=ndh!x+LX$UM7`z10X_*t<3NvzPY+yyX|cit)c9oL4ZVu&Lr;) zi>_dlrf|uG^LtHR?0@8mu!wI{=R0UY1&`wFFlEnIHzKGI%j}gUFA)r*6cB(F55b-j zLiZ*-PCk8eY*Ra{xg7EWoOqGX4aDeh+LCNo8A&o!_AoUwe4b*dekL-(UXz(zQt;48 zyNk2QyRCX-5cQIm*EUO2YFZg$#Ou+x>7`l91@Q$rJ_3>GOkxe`gtnX#+wM&KXX{2DSx|91nawo6(6`=qrkQX}&DKhiK;UZ2tWf#rG2*95z zP;Rs>9hhWIsgsV9M#HZruGY|^`*aS(dMrvAPONy!F-bn!WV10Eg0t98kk zLu_0*8*F6_eF{iZd@pl__qS2rW{o-D=mJ@pp`&IUCq!a%+XS;(37?T8wA_44_OA_3FM=BG> za$nJM#x&LndU9#N+j1>O9W~va3$Rq9L?$$ybp9-y6$vSlpm0xJeT$-yuQ=iN`nxHw zsY(Hz)(>1AgWe$XMSFwoX zbtej0*``uTK7g%aPOEvP^X;Sy6`qOq?Iz1t6B-Oi|i1FuT$>TV2J#vew; zC4*Bo+dJ!~NZ+EPInohtzBrrZ(!50fYpOd(Lj^JWux!}fU5srKVxUMBx5$9dkY6x9b8ZI_0>kvSNJu_% zHJH;S0GIXoO}otmeF*q08^Jzf%8Jn;B=0p@wg-En7T_jnv`~Q2@uj*m(jx5uMn2d?tDQv#HHB4!ja` z>5mJ9tK>`{OrY22fYM6#Nf0?nsiFyGELS*hD7|mp%I@MZdYKtw7k~WWR>66>^(jO= z>>(y`8J5}@#3D!q$fa_BshR50s&!h?z+>ho>-LW=&&rYLz&s-J8hj~KO;&(tj11?B zLe?NK0T6u)3LqkyO^7$`k6h*Xwdk4zw_w|LdF+m;Efoddhyc#c0(|dfqmrqy8UBeWg1mg6lTVCXf!^0vy z_#X}{PZ&%X)Wj+i113Z_NF`Z$k~+N+HdzG5c5I7+Vya47T)VOS`rH+*F8?R}KQTEJ zT6+uWdYu&Q9$NCR=K)S9gIEB-xgNe(H|Sr@b#*9Jc6Ye-*{)A!FK7aFXI-v<@P5up zk#9Lt_8ERySrpGu1-*56s`$>JEjNJ;ips6b<=$)SF23&3*!FYiZ;6|I-+&7>zY_A^ zBHgW5#qTt?v{U`DIgI&wKu_9NGXO4HTWN7aq>x&n6ly~VrZA&^oMTug6TE6^Lbbxj zP=};Ru9?d{zAjKnh}r8km46r&dbo0d)!P!v2Q zpk!HvV);GSMiK2~nJ+GrPt{tg(SO?3D%Cn!=_(bk%B3Pjm;1k}`-&nEYrkpm2lI(f z3<-}*;e1R0tKPt2SRLG%ydFSBO+o7y2l2BJV&M{a`CEe1&zJ=R1pM1` zX=N&8nnvr3X`a~k`FOI2g}CGDxBBBU-oGWhi=r7sHKMY`<9HPq^r8sLAEnBf4oe1w z)n2ZutXbsJ<*%lxgq$wta9jS%Sx}7Hd z&`^xvrG2at;kK$tU?Fh0J&!poCS#Q8F_crU3FpLHVs^+YwtKPBYWP|e6hzY{I5Fgw zt2s_LrLf9*%@?)Ws*h1BWV%RjTv*9h&xbnv2Z=UZq#4`wFPUtoJwK5N!N^{WFh+IP z+t!_-5BcM>1KH_nIDS{iC4qbJi$FE2cadz{`z|RM7hX~_wY>20FRC^JrTM@mY}*CG 
zDBB3$v67!ApT!L;Z|5&)ClIzhW;4AqXR9VvC73Pju2f&{Q?M*@;FpeG%Hc%4E$)vR zTE}o9!e8<=(@NbIuGZ(z#U>{g9V!?ULG!Sc`9)<7Wu1$h{&QvCp_+2p)?UcU?`qAr ziFerYFjw*rmrUfHQ@|vU?5khHc@p9=DNTsgB9H?3L!Z4a+zBuw9s!0vajtjNM=qc0t7qe81|Do916 z2r}U|!S^ztQ{IOqWNL6yYQXCj3ouHaXAfO}{en03=k6)9oLtktyu~XWLXD@T)G(%; zCV2x5p2GzbSVy^(eK9CtGhu~Tsc1>cGNmlzVEZaJl&H5PRo zG)Ypxpzj0#R=h#?DlOc&0)?sJd1#LCb&B=Ds7r5hvfw!SAl8p#(G=8pMH5 zt!wgV$9ecw$cuyqnU*6pHHOc_!INXo!=rwP3)#bv=hpp*#2HW5yLwxwdIVApk`C>` z-S!~XJ_?NQOuFcT7@)jOV3P%ovb#x*W#4%O71XvqM=l|X`U&3fL(cxCMO52Q$JL}R zvkjQd+V1j7|2B93-KUyO8-i=Iib1xvt|_yz-U<+Zlbfk}?5PcnYGMVMUS}8NSZ&T8|Z%p?9c_1cSnz zQrzn|*=)XDl5J%l!K?C1aN7g=u}#eE4J1P6^x5X{2?LaQXTaRtTH)TKM|m}&P_k~aFeEgDrY7vKRtFiV#3p4oyO+EvB}SJJ*Dyi9+cV3`hq zS=w;;_mB7w;QH1;2r4|A+YVSG5*ZyLPSNwY>4Y|o`QtOpRC;ZFULXC2;*pCIv4&ht zYTKK!Ixg~g+&t|nWu4OBlI;y!=++51LI*O85wAcO5puC9KMQi8p&lz%2@@>~kTmGEVybI}K z!Y>Zpk%M*R+R+{FtmlJ^NN`#61d88jT@WkL*D*CtCvo<&&GPr5Y;xumrBFTr zY*RHNe&VBog+ar1$~z^STk;=Gsa_~#^d>C^i(f4}#UJOW^jztVoX;M<=H)7uVeVjQ zQIa4UHbE9}`8Ql+Fa>#5!h|7tG33A=FccD4GdNC3VtKR{8^c-39A8%3q$c-JOArpW z-(Gmvb}u_ifpw3i2@XNF4MG9N-mWTtnfs&ZEe*!HAW1h%KMM5QNo+4j4oR?gkGAps z;?3YKQa1nidU+WnAt_xEbkSL-_wwO=f!nevzHiqe%(7aa?MN&7k<)`>1et57!x+}d z0VJ#GcslnBqoRK2f+YoU7R;SpMba7rhbjjBM~fVXq`Rp89PTg97A15dTu%!+xU8E4?%<9 zc!kM1i6n>d*~==*JJftUsx=T1BuyMq`iVKoJMzDsVVy5lS);doR)v8;_WH7H9z4ct zE^njGi`}|9RS1wV66@l*>q3AVX(%TS{8ywEtoMT7RNEh?X=RU#O@>1IhbXw<;c{<9 zAr9aVM|Gcrz$;(FoT<<+BeFwG;rrrYh{u0M@oxI)LL_cxf0iey+465C5g>;dsx%sC ztypCE{)d*g$o^D~p_esgr}zn(==%jI@)3O=p=GEimrq=#f&TS1UNF>nVBj$0FN{M3ad)RmM&gUf_;r#^X8-quANgQ)41Wep5gY!b!r8sH`WPQ6xKw}~#DtqOCsg{I6jx;KudiCV zUuo>2aZP|_sL>ry*xleSYTZVrLqn%L)DCH~3+jtmscZB5WF9M4ChsJlLh~AwJ9c;k z9W1=MeNd$)8OV@$mv45e%=y$p)Ss=KBxhx!OvRdTzd^rs_dCKPK*w=WtvfaIm?mgL z;X!3t!lOgzKkiaoTui?&ftvjr762BV}2)C*V93gWYIP(!C`3`?Eb{##3S%Pxqjk7}@#((S&4gBX&ta2Li4R zid&L00pxK4wkw;&%Ap_vA@c<0Ujl7BlwpSO#@b}<=0&mq9%~wI#0aZ{TetNa%C@tG zy?W=DCIH_vIVkf27gYTxN~P1!^lD_7p;$yg{y;L`7_X8+;NbTff~79KckL(SyJhaN 
znI^gNeOjrnEGEgL?#q3w#;4Qt0j~U=_vqlZ49vt3QL_j24y&ES7sJy(X!=GnScqsy zh4+&c|2YNt;Q_`UklTKCKg?x#q;N31Rypa~vohn0G#A^iTDwa=E|9v*rnY{{WMBKY z=x7h`Or`9}V;Fx1)#@A}nXl#)4V`Fi75%$=m{VDkke=@OgGoeczt(C;aK+cYsA?eF zl=c(GaDIfy1&e_S;r-5-(Ux^Oik@H+ra5$5!F@*AtMgq_veHBYtho0GGnyE_W@*KE;;io z&j57J>4vO$sc_b$_G$D|^rA2+?q@^9!a3zVeuzf#XhbkZns|3Tmr*&Fq}N1J#ZLb& zc__|;V%ln7Dwu9{>MSNUiEpr|{qjuJkbS~4UCIfn{nIue^T`s200)34cGzn&X-ULXAO-Px*cTR9mH&k_ZFWMN_2 z+m4U!3Sx9yP8D`%_p?YobUI(Kuyk>K=eQzT8}XKhW;KS2tAO{_wh=B@rK){c*07h| zOQu&cBmhS2V_m3F(~p-`O<)gZp+7a-H|H4^;I^%L0#naHRH=k}%PRs~_c^4r>Bel8 z?x^!V1{|hwF>k^12V>@;bCyZQrN%N_RBuJpz=^j8R~+w%Z{`w2)4cbUkIS_^?*a^v zY~pLL?OK59u}f8;c#L|Imhp(~pZ$axz2McP0k$AskhJbbhOQWu`w7Sm+J0zn);lLw zj(0NQt5BH%H;R&kmMz8-Q5D;}I2#mL)F5T_UycY8dc129y;m}L z0sP3iJCis{UTR&^e}Xi0R@<;esPtX2mS$3F?lh9XCY6spVrUkhO+s6>!DL0_M8#^w zDGkBDU;c;UV!xxfM1u-N?k(g(W0zdf|E@&(5j`4v)OOWs%7l1FZjkfLHxV>DVAx_W zf^JknXPxdz_u@Cc0Ik(Ns7Q=q%oJxkl-`tB_yNyIRePN^lJo90x%rDF6@Fo=#=o-) zIBBNyCz~gNP$p*uGsH_AsuZx~EfX2*<=i>T$*h*=`ltIjW|Z4^uw{**v_ZY?NXxw? 
zRsBg-DgN+Ds&e)S{ z3pNl0QGP-JHa(aR%o)-9rKHg8%VPfcZmpS()z_qDkRN4>9BwH0sXu**a4s)mB2K;8 zA^x&SH~^ccq}Yzn!p3n>cWje%C*%!|Ru<2UQEjn1fIXKKst>DVA_gyr-0+nNwL#&V zTbz?n#Ba@Y34Svp;0$Zo&G3K62Kc}!T1Y9a$Wn^tv%5O9YNYe6M8ybE~h0Kt-TCXSw%X*UMC- zGgr?|I`X>MOZ9&}@cpOTkyr13LLcB(ODuvP@wF4K(ri&}%M)byV(};x(c0L6!pCxq zWj*PE{#Ko2xyUQ=wyzgw_2GnZfd)Y{yWViBMJvm9^Sz3!^G*Q_Y@TMF16zw(N7bWF zI~&L;H%Ywr^%1vxc`u_+QW&+&ZRTs`d1aBNj_vmuj}xAqaypNl^ym%9j%|B(;;{GKebKp2P|pobrm$|lG@tHl!+&Zxw@4Jfg) zDbKfNFx2-lK_q0=9yWg#9ZWViO#q-i<7~m9ZayL2lu{W%8X35)+jc3lE;c)zUYi&vrLe!S0J9wp@D{ zb2}b&^sPTx9xO8~e0y1YYg~KY<=fC!(6kS~nK3*&ZENMcIh{33NRgZGc$}?9?6tl> z-{7^GVesl9UNz2noGA&|#J_Tpl|5-+_;UM{()nCesn^769yM>){2sTkgOVdT<7Dr z56~&4o3r^|LQmf zdWQYWYfGfid37RPmKRstC(vb(5{h*{ zLF-E!;Vi7f`yY34Y9PXlcgMEBsL1UpL;}~B>_=_r+>DN$6t@f1GEkc z6TWaVqNnrSBsaCux>v1U7xOJ{#fUnX^+z}6ygl!U6UJ{+o{d_HKIybxjS1Snw|4#U z&%PO_sKEF^!eAK?>W=;=|)aV|H|6T&vkqb`;mSi|~2)GBl z9(BGBi(I9RLt3a;VBHR9N^jr4{}Ah+by&f(wyWc`aqq9^67OGP991C!D9QLO#mKi= z_(*3QMPX&w=+!BM%kqm#RmW{(_2OOUo6l2<-$P37^?r+x?qf34?RL>Jgtt(t^z`Ik z6H;bjWGVXSaD4yiq%1kQVLN`ud62k?t+h2WKbi9g2TcFI_|d#*s84A54!I{eHOAoA z=(E7n{;k7S%!gxfFFq^L8U&vsil;DcX(EX}G^ItiL?NUgx}|}sNe}%ZuK2022&-`X zo2)!)Q{2|cy)!f=|Lpq_DzaMBM)GP4>!EcQIS#ddwLX(T>(F@@!xxvSZjZg%A@_HI z|Npv%z05sR%>43zGJ2-tahy5WtxGAj`6=1QBv)>iy8|WEe$l`qPhTd`@93QjAH~b# zqBu)G+R99Pus}GW*QJuhQng(97u-fgZ`206K)N3lZ1w6snivO#@|;Sg$#l19@|R0n z5aFbTrjT3Vsi`BA-mayQB&L>U;#-|OJ7nE(Eb7U+Vu=_lY(#|>lf(=(jb`>9n1D6cV1`VS2bQ;hgicC~rxN}(s3{=SxnN$;|8mKjAWZOp263Z~<; zUS|-NQ}G&hPD2B(ZuYP1>VAT#AUcU5Seg8=_G;|V(*q{+c8Uj;ufit{({}yQq~aXf zwWiXkTsJNA?PI4MPY!|)+X;aZJoZZsVgbOEYQLAGEHZMB_}44Zw`nr>b^lzs_Ph48 zM)fZyguYYG*;gd$D=6(=hovO}mqk~j8GJ|x`*7sEM6UU|)zvnGpyVP6!Y3gbSokCvRo}xlZo0S^kjzK&&t;Oe|=tO=- zXB4bVVXxmS-+IvLEL7!(rV<(3yb9l^pq1_|Zp$yyaq*XhoY1fP6M2-0Dr8)YdJ0U$ zPqdE7i3%GOY&nTSEUS6G2SQWCD7Sl}n}VB^w7hLq9o0#0fdZzUcQ+0U(yMuAx_Cvl zZTRvXj}GwJ#d|Uv9c{#$wVwUuXJtuET5I#@xSn<1R8yLY3GR*#GD#)UuicxB)`B?; zjF;Cm2(SLkOg&x@)mYi{mnn7qz?@$v%t|(`$z+XiY~|+|7uNyX)t0~8C6w(_z6M5BUpR4L 
zJfH9@2t=|W3;w#!3PT9VhW||5f(^H~0%$uqV)5~eO3Lv}-9lnn@j!o~<3uWip{@xlVu`vOWVW=gwd2b#X_^jRzCw84NnN66i)Li10qW# zzQMF+(I$}yh6TmioSA#PiI%(&<*rZ>_{e*_Cn$sgk5WdDnL z(DgiNsYcntl@@_&wJ)l@*7U8w#P>|vEq4bqOC5)8^KX&@*fI#{t91ky%K;zu2*a~^ z5fKF49sbQ-2fukF0X=lE7t$CHHM%kqyWS$H&)IqX0AjV}C zLk31~#S~Wb`KspK^jx$su*brT>}2^5h~#IKtEcM{QPM=&pkw*(>fz4qF5btr{f8h1 z_k8j2tj7Wx<;=Ek3Q#Fj_rHa0FMd3OkO!Mvfwbz-T?gnErSA`dJgaM|%Fu`weex z?Y1y!zGplevA|&dyB~>@9pzfmU8SwWW)_OfTuXG>8B$C{pdA`PRCZtOy~y=`bC8tp zB=x5N5;Z>+K<~8f@5|*m>Oe9}E~ASDqz4M(j4>JBfbTID1w_!T_N%YkOqZtjjLF1- z`XqcAdq_$>{hID}IN@fA(*}bwFVTPRZUiNGiv=CG_v zt+8&Pqiav2Q&MyjLLR;_Cu5(hRbe&|CDM@44*C8&)X2zw7)K$+Lp!=w2fCR+x<)cy@)~8CV~**mhZ|?b}lP{wE4JxcvGKx?&Bp3H3WopTp)x z7Pj(=!v!LnXcQYU(9C@_@N@uNvSY@_vT$E4yZe&t^-)7gIIIX?vA;Q@3@KXAt_U@~ z6*IdJ3(i`zo(243S6PM`o38vemXw_1jNOSO#3GG|)tZe+eaILP*Wo5sz`n`%l|_#U zu0Td81btNe0(IPhCa~B8?X+ug$xYk(L=x&Xif6p(We5COR+N65lY|+xnUil{~hbMs_5~e7X)%7dHcUar6r!cWgG~W^(I$wV1 z{kGHjr8kr+B>5c+mC@z$*(wjwqh{M5+d$#+QQvLFbt8MMzQJe!mT<9`j=NKFm7?fZ z8v{27lfCYc{`^fEyNQHl)=;N$H>^7UYE$RS$+{~x;-S}dKxwDiDzJqfBdO!>t!A&xJ#dDba z>FY508}snht6mMiU~iyu;M~vm+bNjGMh(ag_L)OJgP2`MT;P=PAiXlGl$E73H(8st-FLDVsMvBzx^W;6@;q| z20kZtYe&@yXwFPFIH3 zQR5H9RJ*)TDZ&beZrHnPCtzL(=C1bG5}B;A7-1Vf0Uqv`c*)QdlR3snT~9!cIRMsX zp%mZ=jGAUx&$l0Qg;jWHM=YVtUK26DdWOP7@g%`?RKNFi5&u{j|_%d zlUC6#T09C$tqxzw9*<_X`S|U2lh9R&Ag?Vl&F;Z0S$q0Q)ZAVx4pO&64Y zu8*?kH;59!R(shJQn|HD?vF8Ue-{3Q=kb7JWj)N_@9T@8>YLU(JJ8 zTZr;LDz)a8-mFg8(aSsv?{uv(l*f*SVy)DhpaEqs1c~763rci-cf&ULmR_Gso@F{= zN6{!Av5O^VLq5rys7`emp;F6*O&t2@zI>tl@pi5J29$V8lnoEVi=D`%8-<(7R?r<0 zUrihLId#6>!0_WwOsOkiZ%u8`h6w2nHCay=t8^w(F>+jzWPL|mMc9vxFZP@XKJ~dw z$U(c~)>1HW)7_WIuKe={a>FLKMF&Yyo6 zA79W>YNS@yV40jq;-jdl7LTt)`BRrcf=pmVJ$|aVM(jrM#AlnDyteasxU=DXukCYN zpYt*TL@5>cscfGM97aZmnT0&|mkXW|7JY9Ja-`RL; zt3CU@7nebufV^d^7G=*?=j#KP2m;%)VjC~0Vk_DRI{tThn+59)bFKe8UzS1lx*l^} zxe%B~GU&|uDz1=j*(3Uevu8M&ILgiZ84Va?2^HPdePVk{{`5;qC|{5cTgV{x)iS4k zdBGa2?-5co?2Gi~KEizN!*0`F4;7Utct$1&^P>nHY9l_ZXAiKT?@9jI%#NLth4{wb 
zO~mG1?#hkPG(~D8k%swu<=p3DVWpgA^BErXBRy9YMotCZVOXSx@Hze~BM34n_PCyG7kEW_KU4r$+sNQ}Ut=pV+ zlt_W{<5STLyi3aj=KrN94Up}}9evbK7Wef%C1k(YrC1*xW^KCEMZ9`U;=y84Q6X4C zqw%Nt^QUeo6i3l?w8}dKldOu-#R9YebL2-#;QHx>EwHGjW}m8W7+?3|Hy_1vjqVRx zX6Vm0^j=HGF+U>3qgk-;_Ec`f0%p3c_6H@vAl4`GcrcRhd;jD$2@yHANg9w1 zXf^g^jpyAkLfzcWuo3a>!QT6KVBdRA^E-uXLM0wk(y?KQNKI9!8(ZWb z$E(|ko_ZC2*~gif(YbYj#B9N%cEI%FgmXNu?C6$2E_(mGnX2JzM z$4_^R&af?soZ-7SxCbWM$D_6V#mPfgwOM_sQ+Att zdQag_KM%fwe8z@?^?RuNiFA?Xbpt`55I+ijVnBXu*E^pZ^2x!}`n^#~36iwjiDIo9 zAQ!rQ?GcYD=F!I5albhsQ>e3s(wvY_bC#SeF>i{QK26(8KXwqGU-V66vg}!RLm7m? zboQSR8dM{$NrI~w^zyPVD~dw!_bC01+j1;(q9a+N^KuB(Uv=G97E!hmXVmw>SZr_ult5>|lPw6!yH>z1+|~E4v3?IS*x2bL)8pC2fc{>o}VI z6iI$mrr$nBQ_Q&+c*)QiR2=k)cNg#f0<7*O_#Q1@>oqfU*CPt{=2$qWAWTO^yGOO` zwzQ_WjATFHo&UgOr2cM$q&J^WN@aw+j1FH)Q2;KPM~AekbROvi1sz}w|` zpT&dL!+w3Vo~JzjTE|3O(uH$@#+##LaAR(UNKKXq9kd4_cHIzs_{p91igIZG8~UDv zB+)rNI{)1lmd~BnH6dFM>5r*Kx?6G*Eirjp-_WqAj40y-BQXcb$33akL!9mCLk&N? z%dqiECSo`5HM^TTP~G>Vez?~M!t)o(fyS;J&8i$OJ%;OTz%?EW`uFz`CL|ab0`mZ4 z>>QeFMMHq#0TpD7wW8>+({N8-Gt(o(jMT-0I}BhI**?TS1^NZJ)bE{%*)NiQ-chSf z8{$-n6>Rv|NnRmP>|@B&1008k%+=p!`kp>x>zCXj{I-N{IFv~|E4AfT=&UY3zOcPu z`3wZSkD(U+tr5chX>@RMIn$gu{G)Rk_T+SzoVW*&DV|zc83GT>*d1Ttf%2Y?B3&#B zC;lSM9*+dD&D|U+vJ1^#`FFtO>c+%&E$bWrT&0Xu>5HFK4}fCrX7f0)p~+$Xcsy0b zmMOp*tE}kf7$ahJN3Fjyin#11;Tct*@D4ip+sWmYheOTyd6vEeEU{o#pZ$-3-Bc|1 z{_*>WG=ShD<3j;v837*Z0kXj}okWf*N=Z)FpM!ei?~Km$xn>boWv1{V8%=+o8^1(e zqiu&l$X=46Z9YtdpQetR%8ggiw=2;MAq53BsRmpt6;N8%ubJn(}+1YxGxwbg^H`ywI<<9P#V8?hj=QD6z7i7QHf zxDV<}B9<9I2;KLWKrrQJv_R=-0m-=m3PVKNa{yv8nSbsbI+-Fv`jR#O6AzewtG5B; z&D7U6Rh=ojx;X*m3g-+%K{n_tgbq-k2>bT4#M&2sNWp=`yAyd!3CEk4$!W7uc%ybm zQv18YFH?tQ7hCU*k_~cle@C(Y=@={)81l(XvLHoJCK2=2zwwM`Gj3*IR+E)+nbYI#wC=04EnSay=eqab zJ5?7Zgc*w=(6Wk?95-X37n%_GN?M>v#=Qc~R4o%$hN-8doaU3e8&8gcbJu&c;Q7QG zOWg(Ogg>R-uuYBWN4)1bAS+5VWll}rukesgsN7JiuOdng8M+Kag)Uw)KI(yTqlo}7 z2h-=>&MhAPfn+h^zXB)&^*ew(L`+s2Z7X8a98^t16~)eve&0_4A;LoRmLO?CY`ux! 
zoW+f(>?K{QNxftg^~EsE&;tmzt^~K;;3rXf$J{&d;HXt^c~%tujo*v*F|;^mH~F}M zq`kA{O{6q3N0HAf&u^XWzi%DFDnU9`Nz_o$u(`5kY(iTQ(}RL z1L={AZ8Eyxb1z{P*P(!5S#WfF((h1Pn;JvKx`5bfY=eSyJ208t_!1lV7NhgJZcRz# zugN^^hxmylb}{VvFcnqudEMa{&#MYYDCT>S~Wkh;E2$n`MIkRtPrOz zxpAfIfvI-fNbrWzBO!Qdy5eGaUh9DJ%r~JTn`j~lp!q-`kzO;_yvOxZ%y>&)p~g2v zK;?N3VzELKc`b-S;IApTr(F4a>d``bsnY~~{K-?AQS;aK2f6R;%sbNZd#W&@cP>>i zY8w2T9&LET2cFlb`-T--{X+%L9^bh64oT14L)uU59j7ZXnM%%ui|h-Z}nXnU0n_C4ks&)UO25ac~&I}b>7cAB8tVC z5l#4x=w~vi2}|yMWMuzlTk|kMEXTP)KzA(*08_OkZQspEOv~By+##(mXY>-xcM%PW6RK1Cy3U zR_;e`34NWaw~-L9@n3HiiOcthCWZEl%ZJ zq*KA5azbd4#%@nq=ezN;&`xH%;Doq6%!KyG{~K%XSO{=fL%H<@Ti9F-hJocx2*+5I zJblKSo;ZBgIn+vGa@xBbk@+MGtbBuDGPDVAEf{zLW^QlIF_z#AF!+*BNpI}ho^$NC zVt-_?3Y5`)3U8v^chtqn^x!>)J@l3dnhj32K)WCASg+HFJIXex)USgnO=h7geMV zKaIU*E=9WToW!)SceU9!c0r*xXhYFC^A$)wJ)b}EUb(-^NmYP6i?tEykPI%;4(xw~#!LIV}C{K&JyZYIg z)~d@!*O}dN;TYE+uEMKlYiq`=WaVy|-986j+?VXjH*i%dAHIxodGOKY{)sF**KQ}z z3af)$FuDhLD>@_1enRz513TrwShj}N% z*a0{})YCT#A-?;uIl;6T7t!$zjv8^qkAg_)#YmA%-sHZ;(rk&MG*(kwTV|D)?@8vO z@N0e_m`;SfjRw`t;Xlj4J5?kF zc%F)7sU4}Jcqe&^AXtq&D(qww(Zw(oY!-_OZ$`K?c1rM6Se$e~EcG==bwB*}2EgvVH7L~ zup3-UT8buACUGCxO)rAYw^5tHMR{iGjh&y)Oi*C|r00Z94-Rly;a3J?D*cNp`i?)u zoP5sRD?yCc)&*O-?#;+XWJJUqLx z#1kN=8V4<$5Iw=dRR@QK&p$u0Q|9LUiTCX!$cI8%AJlK(i(lk=jpO)2ytqaC0(7Pb_4^9quM;gOdvRn*b&(9$bfxVa!je-31C%VQvny4Jhyy2E|6`ZxcL z--E-diC>Di^67#!nXa-{@|UR^6@C# zr>QyI*bh0lYxA#4-Rfk+iA)66-=ir)a_RYqcaSra&Ub023f~(K#Huk$i+VUP^|)~Y z+jN+z&b>__b`7L%-^rT^zAZs(nN>aUprLz-6vWgr@$-_|O2QLpYs!*_SOv;)5%j89^7}&29?t@Fd~N zOHN2_txWt94=q7QMnJRqOq+|S4|G~n*53fkaD0;c5}{j{F4 zl3o$Y>rT(uCW9f_hyWrhJHJT(i3`n02o5Z#F}H}u3|Hg;6HXKK<@eesWq={xvY4}$ z&(IX3xYEBz`E~+;DQB1sN@_f=8o_YF`ZF*hreH-({)P?ZY z*d)d)lU*`%^1_aUNuU0Jp*9y;!M6x6Ekk);3L{R31=jw1(y2C?GGJgA$BB z-vA!b`EcfZrGL#|x{qQbd%)|Y*3)`kQzE2Gp_1<_6n#jlonoZRW^P8Vu2~LB3Gqp3 zP^GS~DGSp0Q!d316r4)Q@s6eS$*~ARtuo)KEKhBPlW9FgN0Fd1A*%3!%2m@xX$I*? 
z8*5rA{2!*iI;O2Z>=zjBF2mj3-QC^YWx#*|W%zK1;%>toHr(Cahr3hUx&6I)@6G+I zX_F?+>B;vz&qsUZmLzOcIk(N&7L|-%C(^{H@xW$bp+9gz`cbxCU(n2@-rHBJQst+g z^-J}9rmQEFTOt>~1*i>1Tz_RMkf)V_U+HAicrTQnMm=jh41__$XdP-ef1V4l)V~+C z-R0OJUB|u*N?PH^&p#GH$ZV2o)4|%)$4l)3@++G?VDHGT*M{RhXpR;Vh5pp(=yu|IugMFfa=3x%5YA47U5jRQF{xFdUY%K-KUqh8|p- zhTu`ha#p{AjShp;&0)9jXFs=fI|xIx*!j?q&PD`@o@BkQ!Zy(kk;A+s-z;^n6R74* zAjhBJ;|kc9zHikc%mxQQe=KY34vMPj2?18l;bV7#3tjpO>z#GAX+EUcJNrD4xDav&* zv071+o06HMz;-~GbK+ljt>4hFu34`pS<5d8a0>fvT?JfLFXgCvsm51f%}N-FJW9NNw;oUkFtqDLUv0V3dHPVTXqffvL8b&z z&VDh)71QCl`A^#Lo+DP5h&TNO7loPD9|GV;-$b#+BMdXpI5Ho2CA->!5+9beOsUH% zll(?t0+AS-<%|vCK!-1%SV2z6EICj%@~E#DvN@+dQh>xKD&&Z;8#yT4S2*Ik39dn? z`gDgL!i7Sx`6?2MZ|Il#M`mLTy8iKSI^?c(x{;30C7B?DPlO`0Mft+zRl)8=f8Y}S zC4W6{nWMy@XlA6vyCLT+1J?Y*< zD)60lxp`NH$4t(Wk(X#sYZMvoX7T9QV1a5+U-L6 zM-uV4Zu9i62E*89%bBS`^^eVK+Xb0)n5-6D)tXESHrWkVCqiIV! zlKiL>*a(HA?T0`3PJ76Th+dxG;g+d3AjjBII4a~~jwtWCz3(bS{X=>CtA~W-bNyBL zO+1S^<;e{VTj7@8v$DXt#A|yubd4-UX|EK%K2tjPDwPb$jb1D_EuK36JY`9W;!aV1 z%+2;dkn^px_fr!x3jO*Y=8qb4*J)LGoCwFu0h1|x#aE^ zL52@wI&2zdCLK%$TN!X&BSXh{7pEYijHBv8S$e-z+XheU$v^R-T`t|fMrW0Z&F`KwdY>?;y&(Q4QrlV z=`S%sxbpAS-;gm*hh6&>h3DLgKR$u>}S%Ojl>MTG7!8xjX)fU!4JauC+c zHW`$W6;As)r@UYy^HoUEJAqr41WR2FL_ug^B@^#-zJdGF_28eYyH?WJ)julJ??C!N zemhsq8y@GV6EasXyz1v<>r8rjLlM^_Le`@+52UOkMW10XAgwfX56IcbJmK@~0nR8+ z_g<@qxh@(A_|PCu`lhqSn6h+CdO!qOD>}n}Rj&CVBPXGs8)!vBCQfKXv6mLqS&kzJ+gux`EbCq1+ETuV1W3(LwWfD~c)t!E%Qstc(Wo`{DPnDEe zXOGIb(?5zl42H&Z@2V#ntl;wGd1tViNBAWVmAUp)mZR9)@C5^ykd}^4?}=@bu6f-? 
z=c3WlIQha{I$H6?QhC8Dm@;N!^ow7_jS+wVDD*=513Lz{Q4t_)GITk*rWTKFoCd+v zc*}d@ggwc)Lfo&o^mRgILH4lE*Ue72jkajG<3T(=m)3Al8|JRH4w6wbhX2SKF`dTq zEEU95eF(@NyIiNQ+VzK~#SNI;cj8Is>65z$=MVUg!rM7*Cl`3UEuKp-A$+-6h?Lbt z5_QFX(>8~T+c742k6NQ_iR@Es8j>o zZ0(Q^bEa;O{=gEd?uZKP$g?81_N5b@a$Z>aqcrnVZBEa-Ptk;e6;L?*9(5Yo)pFrN_+dah+lGT$z{gUy*)PMTfH?zJI+F!Xnpr8*y^B=U_Cdn z%ok!YDVBG3U(JA^cO#NPp0A$~Lb(1mdIcfX0aMtLt)wm)^?^K}q(lsU$RDvrjsv0# zXzi)tb8qp%!$ei+*J6yT5xg3jUw2j!%t>NM?l;s{%i8|vQHe0Fxh55*2b`c*aW08C zH`IsTRF`%jrGj`GbW?lII4TGGRgD*@SHp2>K6C*-#zmoOoJ8UKjDnZWuwliCbSG0nKQ|HHX) zjqe;2fIn92OKMQA`|TnVN;&)BG#y!FW0f(Jkb$ol0Qn`$ST%6Aaa)G}kF=ne=B6dc zSwX2J34yb5gV}vD7s;vtRpp-=B!D)@g|Q~(Ps^k62bNN(zxamY1z?2D09gicf-&Zp z_ZC`4S>T9TI)>Bf#MwM#l`8sn3HQVhYg#^l!H2^6`|I!UWwR#_zelPHY8n(UOR{ zjzXy*a#~bDm+`0Yq1Goj@w$EqrRBryP-)1hwSH1-jmfD5+-3(FXS&cZn7mZ1ZM3z} zm4Uut%`MBF(~_90=;4N0oVG2fPdIMiY{66cUQK%!U2 zl9fMoXIVtw4dj+L;j5cEH;avY5puzVe48s~ys?3kmGPM~pYz=3CBb)Gyt7;-RHC4n3c--7_u*EtcVo z8)1a^rOv(dBg?ID(u0=0q8`TZI@fERR+Jh0i)tj_)JOVItrFQVx2_7$F?22H#S=jE zw6mAMogGoJME=mf43gDSf;+&`r<0+_KaF`^*XT&eqTxR_9quz>N^sMM)Jr>9PCJsl zyOVI~DB~~u68(QdI{|W`A+>3-jx20GbbztU^D0OOo@3=P!udXr`|vT$&}JxL*#12T z0$D>L5t_=zts&mo_|7u~{SXp5tGXlDJ{4-m+1jlgsWHl!&};}^RY^0ZS0TZiL`MLb z^Uo!(D=t3a1t=YW{?^EaFpoIFz`!b+hvD#OA7*2h)Cis7N+!O(^~TOAE5}=FZ5xa; zeF0Acg;uh@EQuAKbiiV$LbXq!cW9m&xDBZDKyK$Sz8cj*Z$Gei!DMWn&(BK{N5ak6 z8ZN$L^9YJ3zP83;<@ZEA1p5!MBD8`COjn5*&U=2>+9iGQ>*x!_rY$a^VbZv1;^e}p z)!CbZ#G(<{PVz9<;f-80-OVh{V*kmh$$LY&5T?w7A<^Ra8|d#Se6%+6FciOX>S2w< z<+SclLU7`Fy3y-pG#}1ELxw?lA39+gCslsZh3TVbP0V_W#THD$NuWNXn6bm{xQUU% z6~U_RHT?5qsE$XopIJz7y(e;`8A4e=$r*^;%CRh^UJ}p2Y%VQ8KpT4hYo^bAA@*dh zm=e&{Gon;*Z2PA(gu>>XrcQ=pe{@>G&p{6@y219zC0 zTupHE74TZc8JAKWqwGoFM49YRb-6a;Vu&x8JiC%`!v0poWsYmt!_J}8 z(WRZifUP*ZQOTdb`R?ag*NpLG&aJDtJ8FL2RC8N! 
zgw}fuUsUdak4uWh7eL)rD@~=THkjqHB_JPPNOa|zI-&GO-_@!6xM*ZZRLZ{!A%*#r z736n~5f4*}OzB;MZA!1zhPFiW+fpy&T&AA4OEoX@3W<_lMWe@_6^-H1QA&+i;Jty; zHR8YW7VnHpI;VCeW>gwmvYl-+NX4`uC&HF5a$Cc zXe4}|%e>92#K%Q|D_kh;Avcn)%bRl4J|W@3BMuB@Rzl6U-#+=Nul*(<4yWHMd_ZxC z;is$|ufbnsc4Gz!=>9=$6L!?-$eG8vDqKZ3bn0A0vN73% z*S3=HOk4j0BFmUj&+pys*!!{hoCGD5p1G37vyE#9-}~}Xt?Qk$z+<gE8SyOpG*r;lK*vjt{^2 z^$DYFitsJXH`NwLn*X=x19iE-C*C}<&~2(mz@KR_l!G1gwz@qLLCcMKF{n6`Q!3?K7^Fu`I&64~3CrQtD z7*NRC)-Bc$Z1>nd18Hg0{Z2Z*kr`xlpRuIncK6vB3VpBFw@u=*rPaLqBUa8o4LtwAgO<9$9`w3AtjtcdDG8p9`#u?!*Rqs^aw24ew|k-5F$v3rHOU`Zy9BD zgz72<<)n=tL8UGd<*5j-s{}*+YI~xBP~jZ^8EnToy=G=}5u`PPSAxozUUf~BxF&HG z1y!neRI(%GVQgKzSH~*;kRKfrH7R>hx_UZLJK+FPbylsmY)MMc9XN!`52r;@Uu8Cu z7?_Q{8(uM?j!@s|^7$fZI^?PMj?5(bq9~7Yu(ua!2FKuYQ4f`A$#3fjA zSYd@1<$ou*=g1&Xmk?J=5@TvE=&t9TL=7^Q-)ch^P1xO4NOpZKbf>rF>_3Ux6YLXR*AC*73e%-f039|QS;I$ zJM-~^ z2tk9e-F44)#^qeAV#}4J7hF?#VAZ%a?p})HYTlHUcK&(?RfHX{DzwvAn(*tc zeRWK1WFtOLhZlzq&QnKv(^)Vl{Dn{Px(>VNGN^J07UIMbq8Q#Jw_F_)ssc`833I_$@ z@$IY$Z+uW)EpTG`6k=BX?ayLR4e*b5!rn@we+K_Br5@9 zM<_vlfaDYvpC`iSVNQ(OTl*)ejoo^>hm$bEzMhBQ=3+O@*F+c=6hT+vELKJP2~Smv zdCLse@t$%#uuK9I#fAk`RD_D*kc;jerg^r9A^^^?(ouIlsBjXf7&Gvt{g5ETlfty9 zX4_POZuG=+n(N`_cV0pMm10qhBkn)0Xyv<VZkZh1LsCDy0P^&>lB{);lA*hpN+>7>a| zh3^IaQL7#SA@#&sOT}_F1O`yBl^$mf=SO**G02Smk%Lau1fj#n^$@+Zph`9iYqelh zTinHsj2EqiCu*1Qj>sQ*6IL>aOm`6_BAz3jji=?tWUYM7XNffC(88Jd@RU&O?rxcB zHG6tgGx5Get?p{zcy=W*V9jkh`VCXr7KKbY3(Q351aVz1wLd`&M$^DixjRp{4SwX5 zR4?mA#`aCF#><@V9Lr`4Ot$2!gdsLuszYx}S+s)in zAE&p*y0_TF;sU*hp$@BWee{t^G>7y@{RIF@r`DpwAt;pHP|2V!a!;Ek_$Ig%PDe;* z*^7f<$!;$2t9>vl)x~YOJIP(d@ZsB+d5N5yIhKad#F1y&KR!j_Acl`wPcEVT6(=H) z@G7%ECZRF&>_0d*jZvvPIv!Ilz~P7I=8tuO<54Shr@D<%&!HZQo2IFZg``_F(7Qi& zxi~)e7oAPmKgMn-ybrNfMejOJ*8A3da)%++;kI1lSXjxH(d5=#+>(kW^{(6^@G99@ zs2d#=Tj1%#2Uh4=-_`gQD*ZWrk`0ptkQZ4pl^a6>63viZyDfW-2_&%w&%Z>$VEyM0 zc+a(7MUJt+43cEM#5OqoCj78zDT6*)D5K2)kKmPbM|Ja^Bk|ZdUUoo8T!w2sW`yBA zo2x{s;zZjjm3hIUBv$T>mX9!(CunXUFD>0)CBA}4Nft!YMk^r>w64}u*gl>}vuj$E zro{VGJeR@CYsr&Z1RMN_i@#(L@WB-IUV 
z2kaU<=?iei|K!tJ+uMN?MtC}a7TT#n0R83aokroYyFQ(hmXPo@Drl(vbm2({!dT}6 z78F>agW-ykbThbgOj|w`g_53*+_8M~-dt4?eW=32H~esgT;ZcNeD$_bSf^ zhS$(n?XUKjpEKUpr9Y24q4zt<9D|>_*0z+!p8dztn*%#`gpMQMzGPAXtAb*mGMuS$ zVJC+k)s+s6WV3k8tVli=h|VmHE7R=KE*8|%CWvs1OeSY63iji%|B^SKNfi0exkcV7(g8h zsL-y1)!j00=My=TsxfjqZanR=xM{L7E8LR6nh}K2w3*(^5xx!x<$lFE3e;oF^!f&p z&@xMeP_u>mB%L*MjT6T6;_dAG`zq7lB*%u|X_rZcJ@(j-&3O?sz5#FMw2sZ8@)7LlsIy7Jddwb|edi!o)>bd&b>{xy=s zdhqA4*Thb4c*#=h8(pL^t9m{3)unQ}Fs7RO5&^lu6d4wHjtWJ-GDHF`oXhE%_nO3_Ck-%C2q z*yGlOQE-ZPR{kP&*#}zYM3dXqiycE zz-a?EqYcRc{Let!F(=+5(!*A*C_P%0FEo>A)h^eO+Cq)duEaAe`;5CAbXl zeau7tcGMx*WC{=zAL6fk#=PsfmE3C7@6K>aHqz=YFq0Os$Cu}+*y35ch`I90g;vh4 z%n8QpmDbg7XJ8eE*~%kV`*E};f8T(g;%sPd&S`+x8JiW6v0K#Glb z#iYC=J;DA|93_Dod1P4Po3!ZtcX2T0DzD$*Bzwk(q4!i(C|qo$vM1X%|JF6CBg%H` z^5l~!=oc0w+Q?7Whw;kNF}_Vm)DgzZuCw-ni>RNj0KbwyX%jkA4p^(jqJ?R9@?ukWwGcssuch6GdHL3EHd;_)Mh&6KqBrTvCTnz8DIqn3)Lkw;Eu5d77z z&yd4!7K|Z<1=pr1E7#&m6ZmlFccBZgZI)!LjfGAxlLRO=Zw1?SWJ#Xcr=1}_S|7n) zDdVPlHQNRAtma}Nv!~$oLdjqTB9_o+{fLe%B#XUS) zBO{Lme}Vtwub!B)`?$(SvbQ3R=f6Id7iDp-(8S|~RZ7mp#D!@rc1fnE3qEWsm;)S{ z!$0vkJgt+`fe)M4>Qnq1kQ;PdvDjwXA;0gEu5XjpzC(e|Y9u`o17al0$saU1Y8VL#p|!NX>U~G+tw>|@ zWclTp9490H)_-{JxJ}C2_`o^tR%)1M+l#o#>K_)~4o327d*?k=D%nhM;Krx6kq=(^ z+}TWIFT1YZzn7WG5Hi`!vvJv9 zswNI7wyydr%}bv|@s%N1*MG36>+h{o8-W=v_3VbZhg?wBT{+ zf0tWtJ~P>=NSA%kM~60ZB8Wr@H2u@3&9Gl-EO@`Ds@Z*Mdz(>~Bb>4(9#)AA=1`G> z{}IPKNOr5l6*4QC2gP4f5k7t5iE0;3vu+H)fVr~M+1#8!U2QD*Om)O?J4Z%Qoc6(G zXGOV4^CMz)i*I;!hif8^mo3*PkQqpu6IRw2FR#pH{u+YO9Zh4DI_}s0FIbnSYDe&U zhfTJMQ^H`u742t?#624PYOC3@*)I8QXU=2jl42Kzfe&uo>n-uA@9J@4v=`FXNH;3$ zvQv4szHdM}w)wcYjO3a2%z;P}df}`kax=l+W9ErrAIUA=TFP2z&&}of+}-w54I+FC zl|QD>wn{xb;X%V)@jXNLbsfwM$7Q+H8HgPGU-#wNL{xq7gf)uQG3UQ2*&W>YQ*xQ# znr3paHsyMlA9sg;S$g!(9$oDl!pAwOeAM@FeAanqU7kuz^?81OS&W({Rb30nW@(D&oy) zsqTTo^gnqU)mob`yHC8iC0FRQK27(O(vCrpU3T>M>Q@U*Miw# zoFA(y-w|MTkS5;04}gxns+H_-BIzVrv~&}^g+@?!Nu}?4t4^iSfg<|i>B}M@G+fxh zaD$_6_T;=L{o~IQm)<$tbR|X|_TxtLJ3YFb2hfcFC3nHw9r4gBGkkkTLdEoc*rrnG 
zpe+)TpmfZ{zl<&*cux!;R^Xw@HvE?Hlf?UR8{>MOZ>dE%Ew-Xmr9pb=&-DuHx`g#} z0ik-8o?3K+x)AR2ZJ!*XmW*Zr%U=Cm+G)^6i69l>!7Of!H>|9(jqef^PD83sRdY}^=^Y{t}$?jnUuodJKG8hnNV14E5`wGh-KBWlqg$lo8 zhH!?1S_)x6)<^w>lbpRq<=G39Byi`nZ;QXnc^g1`>AU zUO2I1ejKBJ1%5I;4n=+SISL)^*@aXh;1SuTZ8rr;$z@Y5S*y=N`fs@xH;9W z-yk5dkS@k4X^LA}3VT@Imh$fwijEPM48^1C?zhP&d@Hs@mto^4_C|FvE!soUA6Spe z17T(ZhXVRgq?*mx?h`lt-M=)X#LbXBtmlM($>T_L6Z>FO=>==y)8p5g7aMok+M_*( zVpuC^)*z0?jHCC_JNrkX@zleSx2JAFu&G>+2=INE94yatEl_6Duox-c)&iW~7QEfA zH@1yhq$Y2au7{AHm`N{r2A0W7n1Xs&Oir0~A_LgAzoV;Xx>@kRg2Z%JgUi<}NrPn7dHWS>t=_o23Em`ybmB;*qUpod zKsFtZyL>jUn*T&g<=Zyv@xs_{8T{A3y)p4SksuCetnhV=z#o0H!&KevuscZ~q=T2; zan6nu783Bg%sOB472Q+)dRmuX{8N2OG=H=Tr-h|$o77%Z$m*z{Y2S&{HzuGCHd!g0 zb(h3QsH&K30J0U`gfls+cdHz;mf$Yy2{nh3Byvu`b@>zdpt>*Us;>;`LlBJTfmS?U zRKCr|BMOsiwu=DHe6n;-Za=n2mcIyi_oRt8Ju2Cf=aYziPYFlICz6@RU)7!t8jx^zG)d}=DI?r76bz;#S&FU(>F4l+as95X> z^f2N=M4^H5N*cR?HK?BD$R-#23Z3-iLpor>TP;2WPa$cyl@8qL8`8o? zp^CeZ;Dw--0SeNlNINzr9ksLIZuA)Nup7*d{jz()vc_PG|My0aNsM4}CYRyZ{Qu!|hBbrK~{DtVsV|SO8jyc%WnCMM1r_u_0QN>wYXXKb1{`Y z-U;`7dYq;DY~m5SsIo)O*i;0?TWs$s_UOQ;s-XqXp?6Th0SXf$iZ6tJl*I4)wr^h) zFnx8zOSx5;=_+)j@HN*$gJhHSq~zNC(?F2%Ib~v-F(?^Py@pNhMA%jxJK&|Zr4UY} z2fxXz@pjr4?gi@UBaeM_XtEiE=E?Zqqlb2r%0x5l)A1g`w8x# zN8E#&BZz3&8SC)hUqcUQA!RPN8iluh@2a(Y&LV8b>=82E>#=bD_R*nM+u7{+AcTfQ zvKCyy%CX0CUA_#XAls;`=u-NnWToST*x&N!RihK=K1?cjHaUmevhP(35j56`%W~OY zN1Y6B%I+t?ZvQQr)&L28X>%;)q~$)j4pSlJyNDW|HHy^{_jL5f8CUZl&K-UY*KMjD z{RF3EPdO&JpCVspDSg0hzi_tyknX-5ubIS}?U1SkZ63^o$1u(BRCn~Aj#FZEeRtqq z;_&C-5PpS3sNYKpJO#Q$WC(`InPV@u9OfM_N9nb~=mMhN?FcDh!G#9(ExgFY2fsfb z0#H+MwtBU>1?6QM6&GX0GDo0ak8_pC&32i8+t)!$*f~ffBKaeoN4cp3%wgJj#`}6G z^Wd2kMQp>XG^Z#ID5`uO4M^t@$D1&3(xdPEp9>R|XyAA6mf7i(@@+J}pJxl>%bP9A zl|#3fa9m)?5bD?*vYlO`rPzuR3)C3KCVOq$)XtFf-$42JW@gKVCm@_!!df)wEy?#1V9ie&^7#EU<$6iF;P;V{=Z0-TOr2t3J^MkilT*a- zB{$EueGCF9o*{lPL?v1wvZo^e30U#6AaS|oY|teHP1X3G9atU@80^*sTy$x3I)E)%WN3$a8TooU+fz&4vy>g zRu;1oEvcy65mqDSv{qXffU)r()GGWR14Jq-HC6Pz++PpUh=SMy17*U&f#0I!WCe)7 
zmJ}?<`_%N~;7Vylt$)xG!-Ee#KSCNPa6V-9p5s4YgWC~Uv9;QoWGhUZE<;E2?UsK; zfR}Z?SnSU~{Y~g_c*F|9>mE~$Bh7{3cw!|!fs#TZB{8$>q-$?{&rH!VacSMre*7Zmzr@*-7TmA_Ovp z)Fm+`S}fiN^zw(aovQP>c+8S>-(fHKat!OD_~(jw$Of#3MC$Ig?APCY@sySL*e=wJ z>IT>>+;Hn7uQFSb^;@;N@5L2s!R<=bU#v?50CI;NMPkbJ!lC28L=FLWL#t(DYgr(M zC(Tm>IN>%KLY!pXyCzUnx&bkudvr8x0(D%;!w2Isdy6wh5Kq!y^>0+A@t;nbOr1!u zOchlH`W$dTaAfQ}J&$*Z^zPU-@U%V_k`1~3@zrGb+P7cPD!6@lCGfLHkb{KrqyDS3 zWy&A!6QQhgWVSuhHrYn>gxMz%M6oE{xzetn z2PK_KjebOzycx5@?AY%*BKqWB`U~ul?ybnr3B-qX;6n=YhpnGLK;W;*ONncp^3GB@ z8LEI!9#JWtk9uwzVC?lOk0<=1OLc=Yex@2vELZ{)tbV1zCIM@ARCPd=+y=bJV7tk> zYB{G#4=&|9!uLMDvOl8Ca5@))@kv(Py(HO_8W6V9oX-7nm-lEyF*^tqhHPj) z0D`;jf=&7#8yNUs;Clezv-A}y$cS&OO6icqm=E^2jRK2oZFLsu7By8gk)CbGK>ll- z3jVlV_pQ*_kwOp*G!x>ML8zngI1GLXEiP>l66D$>v?(xvQ&UoXjvx;km~KF$Z%`e> zm7+%H8k`_UH&W8ok;I{%&LeL)Ve`1FNK3>B(g+jZ3Iwe^-t?`r`;~8FNiXlYh!@hb)7LNk-lI? zOXA7XbV?;vB@})cv3!sjUl+=1NMPPu(@7@vrTi^S%|0WNW_vh+sW#++NE2}d5s>1SY z1qJC0#CCfuQY^}o>??f?N-`@U;q_)t;?c1Lr~Lg9U{KZibSd`vwk4Zpw*NAYp1S;r zY3orTx%Os-a+Nzcz$3bwoyTiF%mV9y!SE>9I~FVvauNNSZ36~!WdfWaa8IZfz%}U)cu?>f?6%cQ z7zw-^v8|cV>8RyVy=x34-6-Q=55%D{$q`kA*IWANb5e}j;-ZIy>q%F`=aw6um&mxz zYD0?dchB|R?M{p|)|nz;pMY17v+PO|Bd*PZnk4>mAv>ac#>QQJR?{9q$a3pU#CvN}?Aep>+VN5W!1`IssPsb)X zm*MG+aLL#v{&h85SAxq3v@7IwBCg20;YlnYwg!OOVk2X~s-OGc{+tt81+w?zKrmJJ ze(vEMKvfyO?us86P*F->H*z$J@kC8w))5c4OjF4u_wAWnVfc)oc9-Ry#D7N<*5FG$Z7a;tDYAmG(Yo({^ z^bjb=%CDNvx^Kn3MVF9?h4s5TzplcoDmQ<^yG@Bt&$UwT6PZLvX&9&4peF@2*i@kC zpQH|xqrpt(QeG%148^JOAX1KECNI=k!=&68yHSgf{y^B(0V~BM@ga4KQFo>UTjavo z8Og4|9M}4Jqs00mS~wy|4qJ$K!<)9l182gIV%Q2@WF>~$4d+{)B_o@0Ac#go%dDgP zAMbA>T<2b<{fK4PzbB*s;{n72#+9(GNfu-qI&NLw+m|LNn&z@vCdnD}gvV^hGFzU% zkB_?~4<<_ME(ag!(;4rXVL`{3%9vz;B(l0ig^-kxpxKc3XTA<@Wf8`vY-RK%AS?Wr zGjxem)wxP_i;aW_ttAmDWcn!-+_AJT#tTZ_!Zh7c=Mq#O9y=MXmjkd-^w!s z^=|!gKcwg=FrTZ@fO|Rnt#&D=7}?vo$>qns~?&>odLysv42!3bq=^x z59?nm59Zo;-_0L~;mx~jH-aEvZjQ`?TjlGwV9ljE!!V{b?)fb&3f`~^Y+nvmEn`Fg6*#!FjI<=1uZ@i};Fed?49jY~j_~ 
zCb?YgzDvgpaNbAxn)>2S4CTdn^|?!)^nDT=l;mKKDFz@!(VNA_`Zfm0q^G6{_e>-{i|Xg64GMBqE(HzA%%#dc=C z{1G9S9eG!{%Kkn%E*u~f=U6mQh;UcBt{9)nyM?27R3&*V<%%2@IgVR`Q2`37<$JKR zvW)@gpT~;}Me=kJu><0doz>Bf2L#H&nWSYA02uxsbn@&W>?8G=FwE@;9CgInEM|g@ z^u)qgNzq0tXnG^YZzL>k5kSGA*Pf)3uoZDN|L6Gt$9MNnGEs!2=zEiDZqG5Vu{!@DiwmmQ6Si0YoTu7C3rP=;^}umhISLJ0be!;&Pvq@_|c(ff3g&)d-lvizT~BS&PUK4F^03rdhitB?VHws!g< zyAt^TF8wF8200UGQVK|{lk<*om?6{Q>9n9P&$%grrxWtvk5VGL@~ zCCyV;E}@m-SrXcg{56wv2nSe^Pw&-cPwmkOKYHy1Bfbo%%51x8v{+8gIvt5p|FCkh$}p3}3|{v2?vAuYU_VJR+k}6oQ7Ve$fp` z7z^#>FZT;-9o^J5Op3N62q?6dU$+_t!-qGkmkm}Kt<>#`Wf(q#DWuVgfL{ZrIn zSnkZMyOKi3LZbJ>K+|>fAK>;}<1-TE5QkKbI+*)p!zy3|t$B$kd^z$iu8IW~CeK>k zv4KWUakT`JI|<1dW9mwIGwb5hvToA!jD2&7v+%lt$a3U=s?|7Y|KJO}6XbIkY<$#* zwkNEtaT&Z_Ch$JXGQUetqM~kIbE(piiJ1tA=Oj23XFF@IbMz{6Iv`lN#;>gFHk)&! z#m^ZnhIGopEWvD1!sj2ze%Oqy+~N(IC6sVGFP|_}TR7%*2eMj6%7?V>#oF*xnC8A9 zQy#Nt_c+kLKVq8HnDi`M1Cl4OjRZ@0<)UJJc*zfoF-8Li3Jqb@pe8LSS zyJ2>kbfR^=#lq0+9lPb#!@4)iw4ou`G07oI0zyGGS1z7``K65>R7@l`9v-!?nF_n4 z`xl1Nm&D%r?NIR^wUf_qzLL2&`)!6`C9jgrBv=etqdGOO(c!nYI92sbwQ@g%&)_`A+y8p z<-JZQ_0~8!Ou5$e1TOiBj?eRFP1LJ#iUk3Qa8bxOX-q?%e2L%kwy!tt(u5x6QAgXW zy))S`O%JEB@j<$?RG~89)C4@Y9h2UlPHmSgbuZw>Hjo_`r9`TH+ci>XJ7af&-hLRk z;~`W;(#@wCApmf03WQfawAZysDr9`fda8V?V&ecXXFgR)*Tj1BBs=}jtV8k~;tyO`XPk_P z03}DkR6LSxt6G+yPKpGQyzzc?!iOpFXo@G7N9Yt*cA^M2aTfXRQf+MK4u(38_uVuk zh4PH9hz={S`R~adxq;iKK_s5tO>^||8aD>kN~D>vO+HbsY}3l{Jzcc)(RI2%E^Ni{ zuuwBZ(p^a-#SU=8FmN)Gnv)Qw+$tG7a%DRE;4>FYIw^7;nmg`O3gn~oND*^7D9a5& z5b4`AD?*ka?jm{8OyyJFjPG_50~K~x#t-Z#LYZwxVrYmlAx*O(;8e{~np}wVF!e3i zF%d=mP5H=V6BwLSbli(UZPRh~3DH06*yhlGJ0$MSU&>@FZ>f%Zt3t*4Wa4S`WPWbK z%@lQwvsoOpK4Oe%OpQ%|Jv37(!&SunGdo~$C>$Xa_$GpGcOjmB)LcbB<|D}Efe{JR zp!TOx1*G!Epoc(1L0kqGg^rCr_i{i* zg7!_RLqkZpL(*+z;w>ccNkmA;SKoHXXYdguQK8(VgWI-tq=_n07NvxG&~kHoT^^X& zF~9qrJJ~c}ML|Zj_}d7!KCPDUqq>ZrImv7OD4RuM#Up`TvC*s17^y13+I58$Wy%i9 z%u8%$lFGGxUZUl|WyTc$dTT=j#&m*t6VCH31z*9;{SAR$(!)GGlFLv9IVTD+g3LeP z;!&LPM2f@bM@}%R2>z4NGEe>OqqHC)HOvEm1P 
zL1`?7m}KD{je+vE%+d~iWtsTnuP8AKHjB|($^5c7MG-(Y4NRFayjR3Esd$r@$u)|Y zh3;CKS!YMu`_tAq{8i56J!|0C8+vIUSo366->R+R9PolR1O+8IEHkCcE#r|Y6Q%I| zjo@WUSAlxby*~^)sW^Eq24aIo3euSV^+(x%fm{Qd~NN_E>q70wcP6_LWc&2LK6k4OZ22yKm(N6{4=I9 zbOoyO7Zvz#xd#yrJG+6<@g0}?b5tQ|0NObg#cJ%69pk>KDY(V4=J;i*746z@jOD1a zR6*qh^lJ{k<$%fAE2#$051>r*T7(!(t_Wm=>xxGaV{n2FYG;T`HZ<~NW9?SC?$|%F z81yxbuJA$lAm^If$NNo_DGa`Jj52N>a4u&N7f;NUBa$rrP5j6sA*d-k0AF-M;VSR5 zPtKR)M!}A))?@cM_IT%rt{=9{GN44y<&Vm7LbJ9z&uj#ZIaic#KtA|-0hze`??vXn@>fdn@mm3? z|64=yzilLeln~%M_u2A)s!9IeXaDoA2Oiw{>ktx1?67)9Y$&|2wsZIYf1M2x zyPbJme(|$=XP=&V1*h%b4>k-w;D`=ySsH^j2haY9;9VL1pX#pur;R!e^R~qh7hF~> zj(NU7B5w`g9Lq4s-e`~zSEOMF3)H*qpvdQFL?8T48b zcWqJ_FqIy&Qn1(po}=DabJx;=S23=ke}VVwbN9XP=RVK#hx5Lxv+Z~VVl|XB;;8dqRwcSZeju}?9SI7G+>qDLrX0@OBa<@6UXZdS4tL7Z_ZuRwy>G0uTv3lj+eqN9d zqx1nmb-$cGoT_~9SW>h!1u?Q6_3|vxLUI#cQf!vTcEuVT4;ItVHG%|YP&e1ZFtL8k zjki!is^}*sR)S&$TvkCC!G33Us9Kee6JR+mz&Xkm4{TDA=7n*5(nw3EW4E1mIvY1C zZL%d~ULbQ>ryztzjb9a0tb$Nu<;T??u@f6&vu2;Kk`Nsz&oY4W%8^E!#AS5~Yz=Vn z2rCEW9nZoRR=~GlgB$D}c)U0TU^i^tE&yw9j_Pp(j!01?M*-1i3?8HfC)oUCnbF{I zmt|kTV(gJn&SJr=!lBfH4=zLTviyX;)@o0hCCVPoz&UA?AQv_W5yDE*)}gepD{%lB zH;xu+iajSpKMCQ~HNHR=YZ_?0_3DetUJlAQxd*x~YYiGi7@j^V1$#4R7AASU;4XFe z%`LXJNd}hKisHEO*QB~lnA?M&h7B}qL70s^!UZ?AWQmLCVo%&B$WrB;bscO?=8vf@ ze53`L?79PBKv(0HozE0a@>duaPU^eKsi>sMXGrPK8&*v9=0WLCM_lY*)z>~dG1vXO zHvsB@`eVEwLB+KFQRFN7ePdW+QoK+u>ny2$UK4SMy74-GC>PH1hs@r8?N02VrR#pD z8*HNtYA|4gwdn`(A}OZpKiCssPnr5J5i4lVQ4U2r>x`qqZGFf|?O0LcUC=CTUE=rb z$1eF)*AYZno+Rit_m)3Y>z%&&2`2Xy#y>+}&pS(1ofoh;`o525_93N&nm%tz1UDSG zifvIzq28)P`vsr-Lla(utsxZZIX`_d1HJkVEL8mH2kBG1(|@?@G*LmOK4noYoc`Z8 b?XSH+hUtjZ:" > /etc/iscsi/.iscsi + sudo systemctl restart iscsid + ``` + **Note**: The `iqn` must be in the following format: `iqn.YYYY-MM.reverse.domain.name:OptionalIdentifier`. 
+
+### Configure UCP
+Using the instructions in the [UCP configuration file](https://docs.docker.com/ee/ucp/admin/configure/ucp-configuration-file/)
+help topic, update the UCP configuration file with the following options:
+
+- `--storage-iscsi=true`: enables ISCSI based Persistent Volumes in Kubernetes.
+- `--iscsiadm-path=`: specifies the path of the iscsiadm binary on the host. Default value is "/usr/sbin/iscsiadm".
+- `--iscsidb-path=`: specifies the path of the iscsi database on the host. Default value is “/etc/iscsi”.
+
+### In-tree iSCSI volumes
+The Kubernetes in-tree iSCSI plugin only supports static provisioning. For static provisioning:
+
+1. You must ensure the desired iSCSI LUNs are pre-provisioned in the iSCSI targets.
+2. You must create iSCSI PV objects, which correspond to the pre-provisioned LUNs, with the appropriate iSCSI configuration.
+3. As PVCs are created to consume storage, the iSCSI PVs bind to the PVCs and satisfy the request for persistent storage.
+
+ ![iSCSI in-tree architecture](/ee/ucp/images/in-tree-arch.png)
+
+The following example shows how to configure and create a `PersistentVolume` object:
+
+1. Create a YAML file for the `PersistentVolume` object:
+ ```
+ apiVersion: v1
+ kind: PersistentVolume
+ metadata:
+ name: iscsi-pv
+ spec:
+ capacity:
+ storage: 12Gi
+ accessModes:
+ - ReadWriteOnce
+ iscsi:
+ targetPortal: 192.0.2.100:3260
+ iqn: iqn.2017-10.local.example.server:disk1
+ lun: 0
+ fsType: 'ext4'
+ readOnly: false
+ ```
+
+Replace the following values with information appropriate for your environment:
+
+- `12Gi` with the size of the storage available.
+- `192.0.2.100:3260` with the IP address and port number of the iSCSI target in your environment. Refer to the
+storage provider documentation for port information.
+- `iqn.2017-10.local.example.server:disk1` is the IQN of the iSCSI initiator, which in this case is the UCP worker
+node. Each UCP worker should have a unique IQN. Replace `iqn.2017-10.local.example.server:disk1` with a unique name
+for the identifier. More than one `iqn` can be specified, but must be the following format:
+`iqn.YYYY-MM.reverse.domain.name:OptionalIdentifier`.
+2. Create the `PersistentVolume` using your YAML file by running the following command on the master node:
+```
+kubectl create -f pv-iscsi.yml
+persistentvolume/iscsi-pv created
+```
+
+### External provisioner and Kubernetes objects
+An external provisioner is a piece of software running out of process from Kubernetes that is responsible for
+creating and deleting Persistent Volumes. External provisioners monitor the Kubernetes API server for PV claims
+and create PVs accordingly.
+
+![iSCSI external provisioner architecture](/ee/ucp/images/ext-prov-arch.png)
+
+When using an external provisioner, you must perform the following additional steps:
+
+1. Configure external provisioning based on your storage provider. Refer to your storage provider documentation
+for deployment information.
+2. Define storage classes. Refer to your storage provider dynamic provisioning documentation
+for configuration information.
+3. Define Persistent Volume Claim(PVC) and Pod.
+ - When you define a PVC to use the storage class, a PV is created and bound.
+4. Start a Pod using the PVC that you defined.
+
+**Note**: Some on-premises storage providers have external provisioners for PV provisioning to backend storage.
+
+### Authentication
+CHAP secrets are supported for both iSCSI discovery and session management.
+
+### Troubleshooting
+Frequently encountered issues are highlighted in the following list:
+
+- Host might not have iscsi kernel modules loaded. To avoid this, always prepare your UCP worker nodes
+by installing the iSCSI packages and the iscsi kernel modules
+*prior* to installing UCP. If worker nodes are not prepared correctly *prior* to UCP install, prepare the nodes
+and restart the 'ucp-kubelet' container for changes to take effect.
+- Some hosts have `depmod` confusion. On some Linux distros, the kernel modules cannot be loaded
+until the kernel sources are installed and `depmod` is run. If you experience problems with loading
+kernel modules, make sure you run `depmod` after kernel module installation.
+
+### Example
+
+1. See https://github.com/kubernetes-incubator/external-storage/tree/master/iscsi/targetd for a reference external provisioner implementation using a target based external provisioner.
+2. On your client machine with `kubectl` installed and the configuration specifying the IP address of a master node,
+perform the following steps:
+ 1. Create and apply the storage class:
+ 1. Create a `StorageClass` object in a YAML file named `iscsi-storageclass.yaml, as shown in the following example:
+
+ ```
+ kind: StorageClass
+ apiVersion: storage.k8s.io/v1
+ metadata:
+ name: iscsi-targetd-vg-targetd
+ provisioner: iscsi-targetd
+ parameters:
+ targetPortal: 172.31.8.88
+ iqn: iqn.2019-01.org.iscsi.docker:targetd
+ iscsiInterface: default
+ volumeGroup: vg-targetd
+ initiators: iqn.2019-01.com.example:node1, iqn.2019-01.com.example:node2
+ chapAuthDiscovery: "false"
+ chapAuthSession: "false"
+ ```
+ 2. Use the `StorageClass` YAML file and run the following command.
+ ```
+ $ kubectl apply -f iscsi-storageclass.yaml
+ storageclass "iscsi-targetd-vg-targetd" created
+
+ $ kubectl get sc
+ NAME PROVISIONER AGE
+ iscsi-targetd-vg-targetd iscsi-targetd 30s
+ ```
+ 2. Create and apply a PersistentVolumeClaim
+ 1. Create a `PersistentVolumeClaim` object in a YAML file named `pvc-iscsi.yml` on the master node, open it in an editor, and include the following content:
+ ```
+ kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: iscsi-claim
+ Spec:
+ storageClassName: “iscsi-targetd-vg-targetd”
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
+ ```
+
+ Supported `accessModes` values for iSCSI include `ReadWriteOnce` and `ReadOnlyMany`. You can also change the requested
+ storage size by changing the `storage` value to a different value.
+
+ **Note**: The scheduler automatically ensures that pods with the same PersistentVolumeClaim run on the same
+ worker node.
+
+ 2. Apply the `PersistentVolumeClaim` YAML file by running the following command on the master node:
+ ```
+ kubectl apply -f pvc-iscsi.yml -n $NS
+ persistentvolumeclaim "iscsi-claim" created
+ ```
+ 3. Verify the `PersistentVolume` and `PersistentVolumeClaim` were created successfully and that
+ the `PersistentVolumeClaim` is bound to the correct volume:
+ ```
+ $ kubectl get pv,pvc
+
+ NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
+ iscsi-claim Bound pvc-b9560992-24df-11e9-9f09-0242ac11000e 100Mi RWO iscsi-targetd-vg-targetd 1m
+
+ NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
+ pvc-b9560992-24df-11e9-9f09-0242ac11000e 100Mi RWO Delete Bound default/iscsi-claim iscsi-targetd-vg-targetd 36s
+ ```
+ 4. Set up pods to use the `PersistentVolumeClaim` when binding to the`PersistentVolume`. Here
+ a `ReplicationController` is created and used to set up two replica pods running web servers that use
+ the `PersistentVolumeClaim` to mount the `PersistentVolume` onto a mountpath containing shared resources.
+ 1. Create a ReplicationController object in a YAML file named `rc-iscsi.yml` and open it in an editor
+ to include the following content:
+ ```
+ apiVersion: v1
+ kind: ReplicationController
+ metadata:
+ name: rc-iscsi-test
+ spec:
+ replicas: 2
+ selector:
+ app: nginx
+ template:
+ metadata:
+ labels:
+ app: nginx
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
+ ports:
+ - name: nginx
+ containerPort: 80
+ volumeMounts:
+ - name: iscsi
+ mountPath: "/usr/share/nginx/html"
+ volumes:
+ - name: iscsi
+ persistentVolumeClaim:
+ claimName: iscsi-claim
+ ```
+ 2. Use the ReplicationController YAML file and run the following command on the master node:
+ ```
+ $ kubectl create -f rc-iscsi.yml
+ replicationcontroller "rc-iscsi-test" created
+ ```
+ 3. Verify pods were created:
+ ```
+ $ kubectl get pods
+ NAME READY STATUS RESTARTS AGE
+ rc-iscsi-test-05kdr 1/1 Running 0 9m
+ rc-iscsi-test-wv4p5 1/1 Running 0 9m
+ ```